03-05-2007, 10:15 PM
Village Genius

Password security

I gave this to the leader of a clan I was in due to some hackings, so I decided to post this here as well.

Here is a piece of a book I've been reading.


Users choose bad passwords. It's part of human nature. Numerous studies have confirmed that if they are allowed to, most users will create a password guessed in short order.

A dictionary attack is an automated attack against an authentication system. The cracker commonly uses a list of potential passwords (say all two-word combinations of words in the English language) and tries to log in to a given user account with each in succession. This sort of attack does not work with random passwords, but is incredibly effective against accounts where users choose dictionary passwords. Ironically, a tuned system makes dictionary attacks even easier for the cracker. I was astounded at an old job to learn that a cracker can launch an attack trying over 100 passwords per SECOND. At that rate he could empty a 50,000-word dictionary in under 10 min.

This was from a book called Advanced PHP Programming by George Schlossnagle; they were talking about secure login systems.

I know from personal (test) experiences (ALL done by me on my accounts) that you can launch an attack much faster when you are cracking a computer-based program. An intermediate C++ programmer can make a bare-bones password cracker. I didn't care about strong password security till I learned a bit about it; my old passwords were all words and possibly numbers after them, mostly in a sequence. How does one get a secure password? Use a random number generator such as the one here http://www.pctools.com/guides/password/ . All my passwords are 10 chars or more, mixed-case alphanumeric passwords; passwords for things like my bank account are more. I have never been hacked under those. Where to store them? If you have a PDA/cell that will do good, but if you are like me and don't, you should store them in an encrypted text file in your docs (to encrypt, right click on the file -> properties -> advanced -> check "encrypt file to secure data"). You will be able to read it in your account, but other accounts on the computer can't read it. As long as you have a firewall, don't worry about being hacked for that password on your computer. This will make your passwords as close to uncrackable as you will be able to get them. I encourage anyone with mod/admin access to anything to implement this strategy.
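As an added example (my own code, not from the post or from the book it quotes), here is a small Python generator that produces the kind of 10+ character mixed-case alphanumeric password the post recommends, drawn from the OS CSPRNG, together with a back-of-envelope comparison of how long the 100-guesses-per-second rate quoted above would need to exhaust a 50,000-word dictionary versus a random 10-character keyspace. The guess rate and dictionary size are the post's figures; the 62-symbol alphabet is my assumption for "mixed-case alphanumeric".

```python
import secrets
import string

# Assumed alphabet for "mixed-case alphanumeric": a-z, A-Z, 0-9 (62 symbols).
ALPHABET = string.ascii_letters + string.digits

# Figures quoted in the post: ~100 guesses per second, a 50,000-word dictionary.
GUESSES_PER_SECOND = 100
DICTIONARY_WORDS = 50_000


def is_strong_shape(password: str) -> bool:
    """The shape the post asks for: 10+ chars with lower, upper and digit present."""
    return (len(password) >= 10
            and any(c.islower() for c in password)
            and any(c.isupper() for c in password)
            and any(c.isdigit() for c in password))


def generate_password(length: int = 10) -> str:
    """Draw from the OS CSPRNG (secrets) and re-draw until every class is present.

    Rejection sampling keeps the distribution uniform over accepted candidates,
    unlike 'pick one of each class then shuffle', which skews the output.
    """
    if length < 10:
        raise ValueError("the post recommends 10 characters or more")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_strong_shape(candidate):
            return candidate


def dictionary_candidates(words: int = DICTIONARY_WORDS, combo: int = 1) -> int:
    """Size of a single-word list (combo=1) or all two-word combinations (combo=2)."""
    return words ** combo


def random_candidates(length: int = 10, alphabet: str = ALPHABET) -> int:
    """Keyspace of a uniformly random password over the alphabet."""
    return len(alphabet) ** length


def seconds_to_exhaust(candidates: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst-case time for a guesser to try every candidate at the given rate."""
    return candidates / rate


if __name__ == "__main__":
    print("sample:", generate_password(12))
    print("50,000-word dictionary: %.0f s" % seconds_to_exhaust(dictionary_candidates()))
    years = seconds_to_exhaust(random_candidates()) / (365.25 * 86400)
    print("random 10-char keyspace: %.2e years" % years)
```

The dictionary case works out to 500 seconds, matching the post's "under 10 min"; the random 10-character keyspace at the same rate is on the order of hundreds of millions of years, which is the whole argument for random passwords.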