Posted to rec.crafts.metalworking
DoN. Nichols

BEWARE! PHishing Expedition!

On 2008-11-04, Leon Fisk wrote:
On Mon, 03 Nov 2008 16:37:59 -0600, Jon Elson wrote:

snip
I also made the password even harder to guess, essentially gibberish!

snip

The best, hardest to crack, easy to remember passwords are
simply long phrases. Like:

"my favorite car was a 1973 chevy elcamino"

or

"I enjoy reading rec.crafts.metalworking when I really
should be working"

Not much fun to type in, but easy to remember.


And passwords can be generated using such phrases or sentences
using the initial letters, replacing some words with symbols which have
a link in *your* mind, whether they fit someone else's is a different
matter. I once used '%' as a symbol for "bicycle". (Think of one
rearing up on the rear wheel.)

Short passwords, even with gibberish, aren't all that hard to
crack. At least that is what the security experts claim...


Of course, in many systems, longer passwords can't be used. In
most early unix systems, only the first eight characters actually
matter, everything past that is ignored. The password is hashed (not
really encrypted) turning it into a 14-character stored field
which can't be reversed back to the password. Instead, when you log in,
the system uses the last two characters (the salt) to figure out which
of 4096 versions of the hashing to use, and applies that to what you
type in, and compares that to the stored hashed value.

Later versions use other hashing techniques which can accept
much longer significant parts of the password, and in that case the
phrase or sentence is the way to go -- though it helps if you work some
non-standard punctuation characters into it even so.

In OpenBSD, the limit is significantly larger:


======================================================================
The new password should be at least six characters long and not purely
alphabetic. Its total length must be less than _PASSWORD_LEN (currently
128 characters). A mixture of both lower and uppercase letters, numbers,
and meta-characters is encouraged.
======================================================================

Note the suggestion that you mix in upper, lower, numeric, and
punctuation.

Enjoy,
DoN.

--
Email: | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
--- Black Holes are where God is dividing by zero ---
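
The salted check and the eight-character cutoff discussed in the post above can be modelled in a few lines. This is an added example, not part of the original post: the function names are hypothetical, the record is kept as a (salt, hash) pair, and PBKDF2-HMAC-SHA256 stands in for the DES-based routine of early Unix systems.

```python
import hashlib
import hmac
import secrets
import string

# Two salt characters drawn from a 64-symbol alphabet: 64 * 64 = 4096 variants.
SALT_ALPHABET = "./" + string.digits + string.ascii_uppercase + string.ascii_lowercase
LEGACY_SIGNIFICANT = 8  # early schemes ignore everything past this many characters


def hash_password(password, salt, significant=None):
    """Hash the significant part of the password under the given salt.

    Stand-in hash (assumption): PBKDF2-HMAC-SHA256, not the DES-based routine.
    significant=None means every character counts.
    """
    used = password if significant is None else password[:significant]
    return hashlib.pbkdf2_hmac("sha256", used.encode(), salt.encode(), 10_000).hex()


def make_record(password, significant=None, salt=None):
    """Return the (salt, hash) pair a system would store; the password is not kept."""
    if salt is None:
        salt = "".join(secrets.choice(SALT_ALPHABET) for _ in range(2))
    return salt, hash_password(password, salt, significant)


def verify(candidate, record, significant=None):
    """Re-hash the typed password with the stored salt and compare the results."""
    salt, stored = record
    return hmac.compare_digest(hash_password(candidate, salt, significant), stored)


if __name__ == "__main__":
    phrase = "my favorite car was a 1973 chevy elcamino"  # phrase quoted in the post
    legacy = make_record(phrase, LEGACY_SIGNIFICANT)
    modern = make_record(phrase)
    # Under the eight-character rule the first eight characters alone are accepted.
    print("legacy accepts 'my favor':", verify("my favor", legacy, LEGACY_SIGNIFICANT))
    print("modern accepts 'my favor':", verify("my favor", modern))
    print("modern accepts full phrase:", verify(phrase, modern))
    # The same password stored under two salts yields two different records.
    print(make_record(phrase, salt="ab")[1] != make_record(phrase, salt="cd")[1])
```

With the eight-character cutoff a long phrase is only as strong as its first eight characters, which is why the phrase approach pays off only on systems whose hashing uses the whole input.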