Comments

Subscribe to the comments RSS feed.

Comment #1 posted on 2014-10-17 12:49:49 by cybergrue

Dangerous advice

Another good episode, but the advice on using haystacks was dangerous. As you mentioned, the search space is becoming to large to sytematiclly search, so password crakers have evolved. One method they use is to take found words (not just out of a standard dictionary, such as all the words in wikipedia, other languages, leaked password lists, etc.) and try these plus varients like padding with additional characters, combining multiple words together (with and without spaces). In one news story, a password cracking package was breaking passwords that were 55 characters long! https://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
These passwords were weak (common words strung together like the xkcd advice are particularly vulnerable) https://xkcd.com/936/ but it does show there are no short-cuts in creating a good password, it has to be completely random, mixed cases with symbols and numbers and long!
I would have submitted a responce show, but I think that this is too important, and that you should be the one to say this.

Comment #2 posted on 2014-10-17 18:06:45 by John

Thanks, very interesting information. I appreciate you taking the time to do this, and the other podcasts you contribute. All the best, John

Comment #3 posted on 2014-10-21 19:34:45 by Kevin O'Brien

Please do a show

Cybergrue, I think you should do a show. It would be a great contribution. I have never thought that my opinions were the last word on anything, and I welcome dialog, as Ken Fallon can attest.

Comment #4 posted on 2014-10-22 06:15:53 by Ken Fallon

Very good show but 2 comments

1. The use of the word Hacker without prefixing it with malicious
2. Many systems restrict the length and type of characters that can be used

Comment #5 posted on 2014-10-22 20:42:21 by Kevin O'Brien

Yes and ...

Guilty on the first point. I should have been more precise.

On the second point, are you saying that it is _good_ to restrict length and characters in passwords? Because if so I would love to hear your reasoning. Maybe I missed something in my analysis.

Comment #6 posted on 2014-10-23 17:17:44 by pokey

Another Excellent episode

Full of Great information, and presented in an entertaining way, by a man who could (and did) keep listeners engaged while reading the phone book. Thanks for everything you do for HPR, Ahuka.

cybergrue,
1. a great point. Thank you.
2. Please do a show detailing this. You're a member of our community, so we want to hear from you as well. It doesn't have to be long, it just has to be you. TIA.

Comment #7 posted on 2014-10-24 19:36:47 by Ken Fallon

NO!!!

No length restrictions are not good, nor are charachter restrictions. Yet it is a fact that these restrictions exist.

Comment #8 posted on 2014-10-30 11:35:35 by Mike Ray

Pasting passwords?

This is probably a stupid question about passwords. I recently had reason to believe I had been attacked by a key-stroke harvesting nasty, and it prompts the question; is it a good idea, or even is it remotely effective, to paste a password from the clipboard if it has been copied from another document? This at least gets round the key-stroke bandits, right?

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).