Posted on 03/06/2011 10:49:29 AM PST by george76
(Excerpt) Read more at bookofjoe.com ...
Paging Watson. Paging Watson . . .
Mine are in Latin, does that help?
What do you need a password for?
Not any more, now that we know...
I just use “password” - isn’t that good enough? /s
This is my password that I use: AllenLudden
Take a guy aged 18-70.
Find out what college he went to.
Find out what year he graduated, or what year he was born.
75% probability his password is something like “Buckeye 98” or “Buckeye51”.
Of course, 99% of all quoted probability numbers are made up...
Some places don’t allow numbers or symbols.
It’s certainly trivial to generate all of the possible sequences in a minimal amount of time, particularly for shorter, all lower-case passwords.
On the other hand, how many login systems would allow such a huge number of failed attempts at the rate needed to make the stated times real? Any that do clearly aren’t following good security practices on their end.
Our mixed SPARC Solaris/X86 Linux environment
is administered with a password policy that
requires 12 character passwords that must
include upper case, lower case, a number and
a symbol. Passwords must be changed quarterly.
You can not reuse a password.
This is a common misconception which has injured many. The encrypted password must be looked up in a database of encrypted passwords. If the attacker gains access to the database and copies it, the lookups may be performed offline with respect to the attacked system or systems. The attacker will know when they have the correct password, and they may use it without leaving a trail of failed attempts.
And you can find everyone's password on a sticky note stuck to their monitor.
You got that right. I have made entry mistakes, twice, then I am locked out. Can’t get back in until I call, sometimes they tell me to change everything, just because ??.
THAT'S JUST FUNNY, so true.
With all due respect, you’ve obviously never tried to hack into anything, Bob. There are two primary methods, the first being creating your own backdoor or exploiting an existing one, and then creating your own superuser.
The second, which is addressed here (poorly), is just using brute force and trying passwords until you get it right. It’s almost impossible to do directly at the user login prompt. Instead, you attack the password file itself, which you can rapidly hit a gazillion times a second until you score. Then, you go to the user login.
Doesn't that method require the attacker to know the encryption algorithm and the seed being used to perform the encryption? Or can that information be determined from the encrypted passwords in the database?
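Added example, not part of the thread: a salted password record of the kind discussed above, showing that the algorithm name, cost and salt are stored beside the hash, so anyone holding a copy of the database can check guesses without touching the login prompt or its lockout counter. The record layout `pbkdf2-sha256$iterations$salt$hash`, the function names and the sample passwords are constructed for illustration; the defense shown is a per-user salt plus a deliberately slow hash.

```python
import hashlib
import hmac
import os
import time


def make_record(password, salt=None, iterations=200_000):
    """Build a stored record; algorithm, cost and salt sit beside the hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password, record):
    """Recompute from the record alone: no login prompt, no lockout counter."""
    algo, iterations, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2-sha256":
        raise ValueError("unsupported algorithm")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def seconds_per_check(record, trials=3):
    """Measure what one verification costs on this machine."""
    start = time.perf_counter()
    for _ in range(trials):
        verify("wrong-guess", record)
    return (time.perf_counter() - start) / trials


def exhaustive_years(alphabet_size, length, secs_per_check):
    """Time to try every password of one length at the given cost per check."""
    return alphabet_size ** length * secs_per_check / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    a = make_record("Buckeye98")
    b = make_record("Buckeye98")
    print("salted records differ:", a != b)
    print("unsalted hashes match:",
          hashlib.sha256(b"Buckeye98").digest() == hashlib.sha256(b"Buckeye98").digest())
    cost = seconds_per_check(a)
    print(f"one check: {cost:.3f}s")
    print(f"6 lower-case letters: {exhaustive_years(26, 6, cost):.1f} years")
    print(f"12 mixed characters:  {exhaustive_years(94, 12, cost):.3e} years")
```
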
I would have guessed “beeber”.....