#12
∂²ω=0
Sep 2002
República de California
103×113 Posts

We should probably dub this strategy [or non-strategy, as the case may be] of hiding it in plain sight the "purloined letter strategy," after the famous E.A. Poe short story.
"We use PLS2007 encryption here at our nuclear lab" - sounds pretty impressive, don't it?
#13
Jun 2005
373 Posts

Apropos passwords:
Xyzzy, what I was always wondering: are you able to see my password, "biggudikku" ("big dick" in Japanese), and can hence more easily guess the password for my email account, "grossebohnen"? And if you can, do you do so? That's what I was always wondering.
H.
#14
Bamboozled!
"𒉺𒌌𒇷𒆷𒀭"
May 2003
Down not across
250018 Posts

Quote:
I can't see you typing your password from where I am. However, if I were looking over your shoulder, I could almost certainly see you typing. If the characters were visible, I would almost certainly memorize them. I've done so in the past in other circumstances and I don't see why I shouldn't be able to do so in the future. There are several places around the world where I can get in through PIN-protected door locks...

Further, I have had quite a bit of practice with password searching in the past. A useful exercise with Google might be to validate that claim. You may have to go back 15 years or more. I'll make life easier for you and suggest some keywords: "Crack", "dictionary" (or "dictionaries"), "lexicon" (or "lexicons"), "OxCERT", "black.ox.ac.uk" and "ftp.ox.ac.uk" will get you started.

If, after researching the situation, you still don't believe that I'd spent time and effort trying to work out whether you have a pattern in choosing your password and testing my hypotheses, I'd say you were hopelessly naive.

All the above assumes that I'd have a motive to spend that effort. I have had sound motives in the past. Unfortunately, I can't give you detailed information about the cases I've investigated (CERTs have strict confidentiality procedures) but I assure you that I've broken people's passwords in earnest.

Paul

Last fiddled with by xilman on 2007-10-07 at 14:43 Reason: Fix a couple of speeling misteaks
#15
"Mike"
Aug 2002
25×257 Posts

All the passwords in the forum database are encrypted so even if you forget your password and ask us to send you a reminder we cannot. The only recourse is to reset the password. (Well, with enough time we could brute force the password, but it would take a long time.)

We also have a "login attempt rate limiter, with lockout" to prevent brute force attacks to the forum.

In the past we have had to break passwords on machines we have had physical access to. We have done so the hard way (brute force dictionary attacks) but usually it is much easier to just boot the machine in single user mode and get root access. For fun, sometimes we'll run a password cracker against the password file on some of our friends' machines, at their request. Usually more than half the passwords are easily retrieved within an hour or so.

Some info about vBulletin's password system:
http://www.vbulletin.com/forum/showthread.php?t=131103
http://www.vbulletin.com/forum/showthread.php?p=543534

By far the easiest way to get a password is via social engineering.
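The two defensive points in Mike's post, a database that holds only a one-way hash (so a forgotten password can be reset but never sent back) and a login rate limiter with lockout, written out as an added example. This is not vBulletin's or the forum's code; the attempt limit and lockout length are assumed policy values.

```python
# Added example, not vBulletin's or the forum's own code: an account store
# that keeps only a salted one-way hash plus a per-account login rate
# limiter with lockout.  MAX_ATTEMPTS and LOCKOUT_SECONDS are assumed.
import hashlib
import hmac
import os
import time

MAX_ATTEMPTS = 5            # assumed: failures tolerated before lockout
LOCKOUT_SECONDS = 15 * 60   # assumed: how long the lockout lasts

def hash_password(password, salt=None, iterations=100_000):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns (salt, digest).
    Only the digest is stored, so the clear text cannot be mailed back."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

class AccountStore:
    def __init__(self, clock=time.time):
        self.clock = clock      # injectable so lockout expiry can be tested
        self.users = {}         # name -> (salt, digest)
        self.failures = {}      # name -> (failure count, time of first failure)

    def register(self, name, password):
        self.users[name] = hash_password(password)

    def is_locked(self, name):
        count, first = self.failures.get(name, (0, 0.0))
        return count >= MAX_ATTEMPTS and self.clock() < first + LOCKOUT_SECONDS

    def login(self, name, password):
        """Returns 'ok', 'bad' or 'locked'.  Unknown users get 'bad', the same
        answer as a wrong password, so replies do not reveal which names exist."""
        if self.is_locked(name):
            return "locked"
        salt, digest = self.users.get(name, (b"\x00" * 16, b""))
        _, candidate = hash_password(password, salt)   # hash even for unknown users
        if name in self.users and hmac.compare_digest(candidate, digest):
            self.failures.pop(name, None)   # success clears the failure window
            return "ok"
        now = self.clock()
        count, first = self.failures.get(name, (0, now))
        if count and now >= first + LOCKOUT_SECONDS:   # old window has expired
            count, first = 0, now
        self.failures[name] = (count + 1, first)
        return "bad"
```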
#16
Jun 2003
7·167 Posts

Quote:
Everyone else should assume that websites do this, and not re-use critical passwords (such as for online banking sites) anywhere else.
#17
Undefined
"The unspeakable one"
Jun 2006
My evil lair
22×1,549 Posts

Of course, not forgetting that the entire login process is not encrypted in any fashion while the information is on its way from your browser to the forum server. Any ISP or router hub sysop could have all your passwords for those non-SSL sites you log into.

Just wanted to add this: I never bother to use a hard to guess (and type) password for non-encrypted sites. It is just too easy for anyone to monitor the TCP port and grab whatever they want. I thought about it and decided if I use one of those ugly hard passwords it is more bother for me each time I use it than for the website sysop to extract it. It would only create more bother for me every time I visit and log in. Besides, the sysop already has complete access to everything, so there is no sense in trying to keep him/her out with an ugly password.

Last fiddled with by retina on 2007-10-08 at 13:19
#18
Jun 2003
7·167 Posts

Quote:
For example, I create unique memorable passwords for different sites by munging the domain name. If that were all I do, then a malicious sysop could perhaps work out the munging algorithm and guess other passwords. To prevent this I pass the result of the munge through mkpasswd, then munge a second time.
#19
Jan 2006
Hungary
4148 Posts

Quote:
Willem.
#20
I quite division it
"Chris"
Feb 2005
England
1000000111012 Posts

I was thinking about passwords the other day when I was laying awake worrying about prime numbers. (Somebody has to.)

An easy way to generate and remember numerical passwords (or PINs) is to just remember a fairly small prime number and then calculate that prime mod each smaller prime, i.e. for 17: 17 mod 2 is 1, 17 mod 3 is 2, 17 mod 5 is 2, etc. So the code is 122364. Unguessable by non-nerds anyway. (You could start from mod a higher prime instead of 2, but that would be an extra thing to remember.)

btw Would any of these sequences be in the OEIS in a different guise?
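The scheme above, as an added example that is not part of the original post: `prime_pin()` reproduces the 122364 code for 17, and `pin_keyspace()` enumerates every PIN of a given length the method can produce from all primes up to a bound and every allowed starting prime, which is the number a defender would want before calling the result unguessable. Note that residues of 10 or more contribute two digits, so the digit string alone does not say where one residue ends and the next begins.

```python
# Added example, not from the forum post: the "prime mod each smaller prime"
# PIN scheme, plus a count of how many distinct PINs it can actually produce.

def primes_below(n):
    """Plain sieve: all primes strictly less than n, in increasing order."""
    flags = [True] * max(n, 2)
    flags[0] = flags[1] = False
    for i in range(2, int(n ** 0.5) + 1):
        if flags[i]:
            for j in range(i * i, n, i):
                flags[j] = False
    return [i for i, is_prime in enumerate(flags) if is_prime]

def prime_pin(p, start=2):
    """The post's scheme: concatenate p mod q for every prime q with
    start <= q < p.  Returns (digit string, list of residues); residues of
    10 or more add two digits, so the string by itself is ambiguous."""
    residues = [p % q for q in primes_below(p) if q >= start]
    return "".join(str(r) for r in residues), residues

def pin_keyspace(max_prime, digits):
    """Every distinct PIN with exactly `digits` digits that the scheme can
    yield from any prime p <= max_prime and any starting prime below p.
    The size of this list is what an attacker who knows the method faces."""
    pins = set()
    for p in primes_below(max_prime + 1):
        for start in primes_below(p):
            pin, _ = prime_pin(p, start)
            if len(pin) == digits:
                pins.add(pin)
    return sorted(pins)
```

With every prime up to 30 and every starting prime, the scheme yields only four six-digit PINs in total.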