On Wed, 2007-04-25 at 16:16 -0400, Ethan Dicks wrote:
> . . . I did find plenty of trivial passwords like
> "abc" combined with small numeric suffixes and/or
> prefixes, though - all found *very* quickly by Crack.
> The ones that took the longest (2 out of 400 users)
> were dictionary words with the common 1=i, 0=o sorts
> of substitutions and no punctuation. They were
> cracked during my normal run, but not in the first
> 15 minutes.
>
> Anything with just "abc" and numbers fell in seconds
> or minutes. We did not allow enough time for a
> strict brute-force attack, so the half of the users
> who did not use modified or unmodified words from a
> dictionary fared well.

I always loved the cat-and-mouse adventure of passwords... either
on the protection or breaking side -- it makes little difference to me.

One thing I have found that is a good compromise between being able to
remember it easily and being secure is as follows. If this list had
passwords, I might make one up as follows:

It's a list for old computers. My oldest is an IMSAI. It's a list
for OLD computers, so a related keyword would be, for me, "lawn," as in
"you kids get off of my lawn." Two words, and then a number... I got
my old computer in 1977.

So far, I have IMSAI, lawn, and 1977. I would be likely to come up
with those three words again, if I needed them. So, to secure them a
bit, I take one character from each, in rotation. The password thus
generated would be Il1Ma9Sw7An7I. Enjoy cracking THAT. I probably
should not have mentioned it...

Peace,
Warren E. Wolfe
wizard at
voyager.net
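
The rotation described in the message above, written out as an added example (not part of the original post): it rebuilds the password from the three tokens and compares how strong the result looks character by character with how strong it is once the method is known. The function names and the candidate counts (10,000 plausible words per slot, 100 plausible years) are assumptions made for illustration.

```python
import math
from itertools import zip_longest


def rotate_merge(*parts):
    """Take one character from each part in turn; exhausted parts are skipped."""
    out = []
    for column in zip_longest(*parts):
        out.extend(ch for ch in column if ch is not None)
    return "".join(out)


def apparent_bits(password):
    """Bits if every character were drawn at random from the classes present."""
    pool = 0
    if any(c.islower() for c in password):
        pool += 26
    if any(c.isupper() for c in password):
        pool += 26
    if any(c.isdigit() for c in password):
        pool += 10
    if pool == 0:
        return 0.0
    return len(password) * math.log2(pool)


def scheme_bits(*candidate_counts):
    """Bits when the method is known and only the chosen inputs are secret."""
    return sum(math.log2(n) for n in candidate_counts)


if __name__ == "__main__":
    pw = rotate_merge("IMSAI", "lawn", "1977")
    print(pw)
    print(f"apparent strength: {apparent_bits(pw):.1f} bits")
    # Constructed assumption: 10,000 candidate words per slot, 100 years.
    print(f"scheme strength:   {scheme_bits(10_000, 10_000, 100):.1f} bits")
```

The gap between the two figures is the part a password policy checker cannot see: the rotation is a fixed, reversible step, so the real protection comes from how hard the three inputs are to guess.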