Password Security

Discussion in 'Computer Security' started by Joseph, Jan 21, 2006.

  1. Joseph

    Joseph Guest

    I've read the literature about having strong passwords that contain numbers,
    symbols, upper and lower case, over 8 characters and also be gibberish.
    Obviously there must be a balance between strength and using a password that
    is at least memorable.

    Not being a security expert, would anyone tell me how secure an 8 character
    password would be consisting of numbers, upper and lower case letters and is
    just gibberish, thus not prone to dictionary attacks.

    Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
    combinations.

    How long would it take to crack a password of this complexity by brute
    force?

    Thank you
     
    Joseph, Jan 21, 2006
    #1

  2. Joseph

    Arthur T. Guest

    In Message-ID:<uVzAf.416644$ki.103302@pd7tw2no>,
    "Joseph" <joseph388@@hotmail.com> wrote:

    >Obviously there must be a balance between strength and using a password that
    >is at least memorable.


    From what I read, most security experts are now suggesting
    that you write down your passwords *and make sure that list is
    secured*. (The equivalent is to keep them encrypted by a master
    key that's very secure.) This is because of the large number of
    passwords people now need. Of course, you shouldn't use the same
    password for multiple uses.


    >Not being a security expert, would anyone tell me how secure an 8 character
    >password would be consisting of numbers, upper and lower case letters and is
    >just gibberish, thus not prone to dictionary attacks.
    >
    >Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
    >combinations.
    >
    >How long would it take to crack a password of this complexity by brute
    >force?


    I'm also not a security expert, but the usual measure of a
    key's security is number of bits of entropy. For truly random
    data, you can find this from the log base 2 of the number of
    combinations. For your password scheme, that's just under 48
    bits. That's considered weak and easily crackable. DES is 56
    bits and considered to be too easy to crack.

    --
    Arthur T. - ar23hur "at" speakeasy "dot" net
    Looking for a good MVS systems programmer position
     
    Arthur T., Jan 22, 2006
    #2

  3. Joseph

    Winged Guest

    Joseph wrote:
    > I've read the literature about having strong passwords that contain numbers,
    > symbols, upper and lower case, over 8 characters and also be gibberish.
    > Obviously there must be a balance between strength and using a password that
    > is at least memorable.
    >
    > Not being a security expert, would anyone tell me how secure an 8 character
    > password would be consisting of numbers, upper and lower case letters and is
    > just gibberish, thus not prone to dictionary attacks.
    >
    > Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
    > combinations.
    >
    > How long would it take to crack a password of this complexity by brute
    > force?
    >
    > Thank you
    >
    >


    A good page to address your questions can be found here:

    http://geodsoft.com/howto/password/cracking_passwords.htm#cracktime

    Winged
     
    Winged, Jan 22, 2006
    #3
  4. Joseph

    Donnie Guest

    "Joseph" <joseph388@@hotmail.com> wrote in message
    news:uVzAf.416644$ki.103302@pd7tw2no...
    > I've read the literature about having strong passwords that contain numbers,
    > symbols, upper and lower case, over 8 characters and also be gibberish.
    > Obviously there must be a balance between strength and using a password that
    > is at least memorable.
    >
    > Not being a security expert, would anyone tell me how secure an 8 character
    > password would be consisting of numbers, upper and lower case letters and is
    > just gibberish, thus not prone to dictionary attacks.

    #################################
    A dictionary attack only uses words in the dictionary, so if numbers and
    other symbols are included, a dictionary attack is worthless. I've cracked
    many passwds using John The Ripper and I never used wordlists. john -i
    passwd_file That's it.
    Of course most of those were dictionary passwds, some were pretty funny like
    user frog, passwd leap, stupid things like that.
    donnie
    #################################
    > Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
    > combinations.
    >
    > How long would it take to crack a password of this complexity by brute
    > force?
    >
    > Thank you
    >

    #######################################
    Brute force is another story. If a passwd is strong, it could take forever
    but that's when you move on to the next file or look for a weaker entry
    point.
    donnie.
     
    Donnie, Jan 22, 2006
    #4
  5. Donnie wrote:

    > A dictionary attack only uses words in the dictionary, so if numbers and
    > other symbols are included, a dictionary attack is worthless. I've


    Unless your dictionary has "numbers and other symbols" in it. Dictionary
    attacks don't use "the" dictionary, they use a file or files full of
    whatever the attacker chooses to put in them.

    Also, there are other types of brute force attacks where the "dictionary" is
    randomly generated on the fly, from whatever characters or "symbols" the
    attacker configures.
     
    George Orwell, Jan 22, 2006
    #5
  6. Joseph

    Robert Guest

    On Sat, 21 Jan 2006 23:59:22 +0000, Joseph wrote:

    > I've read the literature about having strong passwords that contain numbers,
    > symbols, upper and lower case, over 8 characters and also be gibberish.
    > Obviously there must be a balance between strength and using a password that
    > is at least memorable.


    I always tell people to forget about using words for their passwords, use
    phrases.

    For example;

    When It Rains It Pours But When The Sun Comes Out It's Warm
    A Bird In The Hand Is Better Then Two In The Tree

    Then use only the first letter of every word

    thus having;
    wiripbwtscoiw
    abithibttitt

    Then swap letters for numbers;
    a=4 e=3 i=1 o=0 s=8 p=9 l=7

    would translate to;
    w1r19bwtsc01w
    4b1th1bttb1tt

    Other possible flips could be to use the number in place of the word, i.e.,

    one=1 four=4 and so on.

    You could also use the '&' in place for the word 'and'

    You can make the flip anything you want but make it so that you will
    remember what that flip is. Then add punctuation as needed.

    Password generators are good too and their passwords have no reason behind
    them and this makes them good but it also makes it harder to remember them.

    Also never use short phrases. At least 10 letters long. 15 or more is
    even better.

    There is no such thing as an uncrackable password. Given enough time all
    passwords can and will be cracked. We just have to make it harder for the
    cracker and hope that he will be caught before he can crack the password.


    --

    Regards
    Robert

    Smile... it increases your face value!


     
    Robert, Jan 22, 2006
    #6
  7. Joseph wrote:

    > I've read the literature about having strong passwords that contain
    > numbers, symbols, upper and lower case, over 8 characters and also be
    > gibberish. Obviously there must be a balance between strength and using a
    > password that is at least memorable.
    >
    > Not being a security expert, would anyone tell me how secure an 8
    > character password would be consisting of numbers, upper and lower case
    > letters and is just gibberish, thus not prone to dictionary attacks.
    >
    > Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
    > combinations.
    >
    > How long would it take to crack a password of this complexity by brute
    > force?


    At 100 guesses a second, it would take about 218.3 Billion seconds to try
    every possible combination. You do the math, but I'm guessing in the
    thousands of years.

    Note that it's generally not necessary to try every combination. The rule
    of thumb is half of them. The 50/50 point is what you want to focus on.
     
    Borked Pseudo Mailed, Jan 22, 2006
    #7
  8. Joseph

    Dave Keays Guest

    Robert wrote:
    > On Sat, 21 Jan 2006 23:59:22 +0000, Joseph wrote:
    >
    >
    >>I've read the literature about having strong passwords that contain numbers,
    >>symbols, upper and lower case, over 8 characters and also be gibberish.
    >>Obviously there must be a balance between strength and using a password that
    >>is at least memorable.

    >
    >
    > I always tell people to forget about using words for their passwords, use
    > phrases.
    >
    > For example;
    >
    > When It Rains It Pours But When The Sun Comes Out It's Warm
    > A Bird In The Hand Is Better Then Two In The Tree
    >
    > Then use only the first letter of every word
    >
    > thus having;
    > wiripbwtscoiw
    > abithibttitt
    >
    > Then swap letters for numbers;
    > a=4 e=3 i=1 o=0 s=8 p=9 l=7
    >
    > would translate to;
    > w1r19bwtsc01w
    > 4b1th1bttb1tt
    >
    > Other possible flips could be to use the number in place of the word, i.e.,
    >
    > one=1 four=4 and so on.
    >
    > You could also use the '&' in place for the word 'and'
    >
    > You can make the flip anything you want but make it so that you will
    > remember what that flip is. Then add punctuation as needed.
    >
    > Password generators are good too and their passwords have no reason behind
    > them and this makes them good but it also makes it harder to remember them.
    >
    > Also never use short phrases. At least 10 letters long. 15 or more is
    > even better.
    >
    > There is no such thing as an uncrackable password. Given enough time all
    > passwords can and will be cracked. We just have to make it harder for the
    > cracker and hope that he will be caught before he can crack the password.
    >
    >


    What I tell people is to use a mangled passphrase that is complex and memorable,
    and can be written down "securely". It usually looks like "l337 Sp3ak" (elite
    speak) used by hackers.

    What I do:
    1) pick 3 words out of a book randomly so that they don't relate to each other. (Each
    word must be at least 4 characters long)

    2) Remove all spaces and punctuation.

    3) Capitalize all words.

    4) change some lowercase letters to numbers (l=1, e=3, g=5, g=6, t=7, b=8, p=9)

    5) change some lowercase letters to symbols (a=@, i=!, s=$, x=*)

    6) write the unmangled phrase down and keep it secure.

    You now have a passphrase that is long, includes upper/lower case letters,
    numbers and symbols. Those "random" words are difficult the first 2 or 3 times.
    After that, the phrase sticks in your memory like the lyrics of a bad song.

    Then if you've forgotten the phrase, get the written copy and mangle it in your
    head.

    Example
    phase 1: handed design change
    phase 2: handeddesignchange
    phase 3: HandedDesignChange
    phase 4: Hand3dD3si6nChan63
    phase 5: H@nd3dD3s!6nCh@n63

    If they need a more secure phrase increase the size of the phrase with 5 or 6
    words, use extended characters between the words, and throw a misspelling in.

    <http://en.wikipedia.org/wiki/Extended_ASCII>

    --

    Dave Keays
     
    Dave Keays, Jan 22, 2006
    #8
  9. Joseph

    Dave Keays Guest

    Borked Pseudo Mailed wrote:
    > Joseph wrote:
    >
    >
    >>I've read the literature about having strong passwords that contain
    >>numbers, symbols, upper and lower case, over 8 characters and also be
    >>gibberish. Obviously there must be a balance between strength and using a
    >>password that is at least memorable.
    >>

    [snip]

    >>How long would it take to crack a password of this complexity by brute
    >>force?

    >
    > At 100 guesses a second, it would take about 218.3 Billion seconds to try
    > every possible combination. You do the math, but I'm guessing in the
    > thousands of years.


    With the distributed computing capabilities today, it could be done a lot
    sooner. With a botnet controlling 400,000 PCs it would take less than a day.
    Just have one zombie check for "aaaa" to "aaaz" then next for "aaba" to "aabz".
    I'm doing the math quick in my head so forgive me if I'm not accurate here.

    I use the 400,000 number because someone was arrested for having a botnet that
    size last November.

    [snip]

    --

    Dave Keays
     
    Dave Keays, Jan 23, 2006
    #9
  10. Dave Keays wrote:

    >> At 100 guesses a second, it would take about 218.3 Billion seconds to
    >> try every possible combination. You do the math, but I'm guessing in the
    >> thousands of years.

    >
    > With the distributed computing capabilities today, it could be done a lot
    > sooner. With a botnet controlling 400,000 PCs it would take less than a
    > day.


    Not likely. 100 guesses a second was an out of thin air number and likely
    impossible to begin with. Regardless, if you're eating clock cycles like
    that everything else on the machine is dog slow or dead. Your bots would
    be dropping like flies. Which means you're going to have to figure out
    some way of tracking which data chunk belongs to which bot and reassign it
    AFTER you realize a bot is deceased, which is probably going to be after
    the time it should have taken to check its bit of data has passed.

    And that's only if you can manage to figure out how to distribute the
    cracking/tracking software and data to 400,000 machines without being
    detected, outed as a "cyber terrorist", and put in jail for the next 20
    years. At which time you might be able to start the whole process over.
    With faster hardware of course. ;-)

    It's not really about the raw numbers at this point of the discussion,
    it's about the practicality of doing the work. Sure, enough machines could
    do that work, but can you get them together and keep them together?
     
    Borked Pseudo Mailed, Jan 23, 2006
    #10
  11. Joseph

    Winged Guest

    Dave Keays wrote:
    > Borked Pseudo Mailed wrote:
    >
    >>Joseph wrote:
    >>
    >>
    >>
    >>>I've read the literature about having strong passwords that contain
    >>>numbers, symbols, upper and lower case, over 8 characters and also be
    >>>gibberish. Obviously there must be a balance between strength and using a
    >>>password that is at least memorable.
    >>>

    >
    > [snip]
    >
    >
    >>>How long would it take to crack a password of this complexity by brute
    >>>force?

    >>
    >>At 100 guesses a second, it would take about 218.3 Billion seconds to try
    >>every possible combination. You do the math, but I'm guessing in the
    >>thousands of years.

    >
    >
    > With the distributed computing capabilities today, it could be done a lot
    > sooner. With a botnet controlling 400,000 PCs it would take less than a day.
    > Just have one zombie check for "aaaa" to "aaaz" then next for "aaba" to "aabz".
    > I'm doing the math quick in my head so forgive me if I'm not accurate here.
    >
    > I use the 400,000 number because someone was arrested for having a botnet that
    > size last November.
    >
    > [snip]
    >

    Assuming a dedicated botnet of 400,000 and the calculation of 17 years
    for a complex 8 digit password for a single computer and assuming
    dedicated efficiency would equate to 22.5 minutes (rough) to try every
    possible combination. While these efficiencies could never be achieved
    and for technical reasons a number of other issues come into play (such
    as trying each by brute force) against a host would surely catch
    someone's attention. That said it is significantly easier to crack "IF"
    the attacker has a copy of the SAM or password file. Properly
    configuring a system to time out after 3 missed attempts for 15 minutes
    slows external brute force attacks however does nothing to stop someone
    who has snagged the appropriate file or communication.

    Encryption methods used for authentication (either NTLS or SSL) can be
    broken if sniffed with significantly less effort. SSL is a piece of
    cake if one has captured both sides of the communication stream due to
    inherent weakness in the method (not the encryption algorithm itself).

    This said there are usually easier methods to penetrate busy networks.
    If one footprints the victim's network well, there is usually an easier
    way in.

    Winged
     
    Winged, Jan 23, 2006
    #11
  12. Joseph

    John Hyde Guest

    on 1/21/2006 3:59 PM Joseph said the following:
    > I've read the literature about having strong passwords that contain numbers,
    > symbols, upper and lower case, over 8 characters and also be gibberish.
    > Obviously there must be a balance between strength and using a password that
    > is at least memorable.
    >
    > Not being a security expert, would anyone tell me how secure an 8 character
    > password would be consisting of numbers, upper and lower case letters and is
    > just gibberish, thus not prone to dictionary attacks.
    >
    > Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
    > combinations.
    >
    > How long would it take to crack a password of this complexity by brute
    > force?
    >
    > Thank you
    >
    >


    As others have suggested, it really depends on how many combinations per
    second an attacker can try.

    Your example is 2.18e14 combinations (2.18 x 10^14)
    The number of seconds per year: 3.15e7

    If an attacker can "try" one per second, on average, then it will take
    about 7 million years. (6.9e6) (Yes, as other commentators said, you
    really are looking at the 50/50. So divide all my results by 2 if you must)

    Now that's an actual calculated number, but for the purposes of
    discussion, remember you can divide by subtracting exponents. So the
    exponents become very important. Add three to the exponent, and you
    multiply the difficulty by 1000.

    Example, Just adding two digits, so the password is at least 10
    characters makes it 62^10 or 8.4e17. In one try per second land, it now
    takes 26 Billion years, a truly significant leap in entropy. To that,
    allow the following 19 characters: !@#$%^&*(){}[]<>?~`. Now the
    attacker must try 81^10 combinations, 1.21e19. Now, we're really talking!

    The practical problem, as many have mentioned, is the difficulty of
    creating, remembering and protecting such a password.

    Cheers,

    JH
     
    John Hyde, Jan 24, 2006
    #12
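
Added example, not part of any post in this thread: a small calculator for the keyspace, entropy and exhaustive-search times discussed above, including the 3-tries-per-15-minutes lockout from post #11. The function names, the scenario tables and the pairing of 400,000 machines with 100 guesses per second each are assumptions made for this illustration.

```python
"""Keyspace, entropy and exhaustive-search time for random passwords.

Added illustration built on figures quoted in the thread. Function names
and the scenario tables are assumptions made for this example.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # about 3.16e7


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of exactly `length` symbols."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy; only valid if every symbol is picked at random."""
    return length * math.log2(alphabet_size)


def min_length_for_bits(alphabet_size: int, target_bits: float) -> int:
    """Shortest random password over the alphabet that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def lockout_rate(attempts: int, lock_seconds: float) -> float:
    """Best sustained online guess rate under 'N tries, then locked out'."""
    return attempts / lock_seconds


def search_seconds(combos: int, guesses_per_second: float,
                   fraction: float = 1.0) -> float:
    """Seconds to cover `fraction` of the keyspace (0.5 = the 50/50 point)."""
    if guesses_per_second <= 0:
        raise ValueError("guess rate must be positive")
    return combos * fraction / guesses_per_second


def humanize(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    units = (("years", SECONDS_PER_YEAR), ("days", 86400.0),
             ("hours", 3600.0), ("minutes", 60.0))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.1f} seconds"


# (label, guesses per second). Offline rates depend on the hash and the
# hardware, so substitute a measured rate for a real assessment.
RATES = [
    ("1 guess/s", 1.0),
    ("100 guesses/s", 100.0),
    ("400,000 machines x 100 guesses/s (assumed pairing)", 400_000 * 100.0),
    ("online, 3 tries then 15 min lockout", lockout_rate(3, 15 * 60)),
]

# (label, alphabet size, length) taken from the posts above.
PASSWORDS = [
    ("8 chars, 62 symbols", 62, 8),
    ("10 chars, 62 symbols", 62, 10),
    ("10 chars, 81 symbols", 81, 10),
    ("7 bytes, 256 values", 256, 7),
]


def report() -> list:
    """One row per (password, rate): full-search and 50/50 times in seconds."""
    rows = []
    for plabel, size, length in PASSWORDS:
        combos = keyspace(size, length)
        for rlabel, rate in RATES:
            rows.append((plabel, rlabel,
                         search_seconds(combos, rate),
                         search_seconds(combos, rate, 0.5)))
    return rows


if __name__ == "__main__":
    for plabel, size, length in PASSWORDS:
        print(f"{plabel}: {keyspace(size, length):,} combinations, "
              f"{entropy_bits(size, length):.1f} bits")
    for plabel, rlabel, full, half in report():
        print(f"{plabel} @ {rlabel}: all={humanize(full)}, "
              f"50/50={humanize(half)}")
    # Length needed to match a 56-bit key with each alphabet.
    for size in (62, 81, 256):
        print(f"{size} symbols: {min_length_for_bits(size, 56)} chars >= 56 bits")
```

The lockout row shows why the offline case (a copied password file) is the one to size passwords against: the rate limit only applies to guesses made against the live login.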
  13. Most of the pros that have written about the subject suggest a
    password with a length of 10-13 random characters for the best
    security. The little extra length adds a lot more calculations to a
    brute force attack. We have a free password generator link on our web
    site and a free password protection program (blowfish encryption) that
    you can download for secure storage of your passwords.

    You'll only need to remember one pass to get into the program. Bruce
    Schneier wrote it. It saves getting into the habit of writing down
    all your passwords on a pad around your computer.

    Regards


    * www.privacyoffshore.net (no logs Internet)
    * Anonymous Secure Offshore SHH-2 Surfing Tunnels
    * Anonymous Mail & News through SHH-2 Tunnels
    * Free Resources and Privacy Software
     
    (admins) privacyoffshore, Jan 24, 2006
    #13
  14. Joseph

    Donnie Guest


    >
    > If an attacker can "try" one per second, on average, then it will take
    > about 7 million years. (6.9e6) (Yes, as other commentators said, you
    > really are looking at the 50/50. So divide all my results by 2 if you must)
    >

    ##############################################
    Here are some passwds for servers running Front Page (right column).
    test (iqstech)
    pdgt ( rkm)
    4210 ( esven)
    rules (ahold)
    Look how weak they are. It took John The Ripper about 4 minutes to crack
    them. That's 4 out of 31 in the file that I created.
    I'll let JTR run on the file for no more than 2 days at the most. No one in
    their right mind is going to spend months trying to crack them unless it's
    one company trying to find out what their competitor is doing or something
    else that might mean a lot of money and if it means that much, I'm sure they
    will look for another way to enter. The point is that it's just not
    necessary to ANALyse passwds that much. If you force your users to go w/
    the 8 mixed characters or more or as someone said, use phrases, that's the
    end of the story. BTW, if you're using front page, make sure that
    /_vti_pvt/service.pwd is not readable.
    donnie
     
    Donnie, Jan 24, 2006
    #14
  15. (admins) privacyoffshore wrote:

    > We have a free password generator link on our web site and a free password
    > protection program (blowfish encryption) that you can download for secure
    > storage of your passwords.


    Spammer.

    It's not necessary to go through your data mining site to get Password
    Safe. Here is the actual URL people....

    http://passwordsafe.sourceforge.net/

    > * www.privacyoffshore.net (no logs Internet) * Anonymous Secure Offshore


    Bradenton, Florida is off shore now? Or did you mean off shore from some
    other perspective?

    > SHH-2 Surfing Tunnels * Anonymous Mail & News through SHH-2 Tunnels * Free
    > Resources and Privacy Software


    Anonymous, Eh? Perhaps you can explain how you can offer any real
    anonymity in light of the fact that you're a subscription based, single
    point of contact, and open to easy traffic analysis as a result of
    being real time...??

    Why are you using squid if you're not logging?

    Where would these alleged "off shore" servers reside? Care to name them?
    Or are you afraid to have them scrutinized? Maybe they're not as off shore
    as you claim?

    Over half your "advertised" servers are inside EU member nations. Are you
    unaware of the recent developments regarding forced logging of ALL
    connection data in those member nations? The forced log retention? Or do
    you just not care?

    Why do you still have servers in Hong Kong after it's been shown that it's
    easier to force information out of that Government than it is to get it
    (legally) in the US?

    Why are you stealing bandwidth from the Tor network for your profit? If
    you're really an ANONYMOUS service, why would you need it?

    Are you going to be just like the rest of your puppet service's puppets
    and dodge these honest questions?

    I'm betting you will......
     
    Borked Pseudo Mailed, Jan 24, 2006
    #15
  16. Joseph

    Dave Keays Guest

    Winged wrote:
    > Dave Keays wrote:
    >
    >> Borked Pseudo Mailed wrote:
    >>
    >>> Joseph wrote:
    >>>
    >>>
    >>>
    >>>> I've read the literature about having strong passwords that contain
    >>>> numbers, symbols, upper and lower case, over 8 characters and also be
    >>>> gibberish. Obviously there must be a balance between strength and using a
    >>>> password that is at least memorable.
    >>>>

    >>
    >> [snip]
    >>
    >>
    >>>> How long would it take to crack a password of this complexity by brute
    >>>> force?
    >>>
    >>>
    >>> At 100 guesses a second, it would take about 218.3 Billion seconds to try
    >>> every possible combination. You do the math, but I'm guessing in the
    >>> thousands of years.

    >>
    >>
    >>
    >> With the distributed computing capabilities today, it could be done a lot
    >> sooner. With a botnet controlling 400,000 PCs it would take less than a day.
    >> Just have one zombie check for "aaaa" to "aaaz" then next for "aaba" to "aabz".
    >> I'm doing the math quick in my head so forgive me if I'm not accurate here.
    >>
    >> I use the 400,000 number because someone was arrested for having a botnet that
    >> size last November.
    >>
    >> [snip]
    >>

    > Assuming a dedicated botnet of 400,000 and the calculation of 17 years
    > for a complex 8 digit password for a single computer and assuming
    > dedicated efficiency would equate to 22.5 minutes (rough) to try every
    > possible combination. While these efficiencies could never be achieved
    > and for technical reasons a number of other issues come into play (such
    > as trying each by brute force) against a host would surely catch
    > someone's attention. That said it is significantly easier to crack "IF"
    > the attacker has a copy of the SAM or password file. Properly
    > configuring a system to time out after 3 missed attempts for 15 minutes
    > slows external brute force attacks however does nothing to stop someone
    > who has snagged the appropriate file or communication.
    >
    > Encryption methods used for authentication (either NTLS or SSL) can be
    > broken if sniffed with significantly less effort. SSL is a piece of
    > cake if one has captured both sides of the communication stream due to
    > inherent weakness in the method (not the encryption algorithm itself).
    >
    > This said there are usually easier methods to penetrate busy networks.
    > If one footprints the victim's network well, there is usually an easier
    > way in.


    Very true. But we were talking about the theoretical ability to crack passwords.
    Whether or not the password should be broken is not a major concern here. But
    things tend to be a little more complicated in real life.

    Bork's statement sounds too much like the statement about DES many years ago and
    about WEP just a few years ago.

    No encryption or password/passphrase is a silver bullet. Ignoring the risks is
    a recipe for doom in my eyes.



    --

    Dave Keays
     
    Dave Keays, Jan 24, 2006
    #16
  17. Joseph

    Dave Keays Guest

    Borked Pseudo Mailed wrote:
    > Dave Keays wrote:
    >
    >
    >>>At 100 guesses a second, it would take about 218.3 Billion seconds to
    >>>try every possible combination. You do the math, but I'm guessing in the
    >>>thousands of years.

    >>
    >>With the distributed computing capabilities today, it could be done a lot
    >>sooner. With a botnet controlling 400,000 PCs it would take less than a
    >>day.

    >
    >
    > Not likely. 100 guesses a second was an out of thin air number and likely
    > impossible to begin with. Regardless, if you're eating clock cycles like
    > that everything else on the machine is dog slow or dead. Your bots would
    > be dropping like flies. Which means you're going to have to figure out
    > some way of tracking which data chunk belongs to which bot and reassign it
    > AFTER you realize a bot is deceased, which is probably going to be after
    > the time it should have taken to check its bit of data has passed.
    >


    What about only using idle time like SETI does?

    > And that's only if you can manage to figure out how to distribute the
    > cracking/tracking software and data to 400,000 machines without being
    > detected, outed as a "cyber terrorist", and put in jail for the next 20
    > years. At which time you might be able to start the whole process over.
    > With faster hardware of course. ;-)


    This was done in November by a teen in LA. Except he was caught. A little
    maturity and that would be cured.

    > It's not really about the raw numbers at this point of the discussion,
    > it's about the practicality of doing the work. Sure, enough machines could
    > do that work, but can you get them together and keep them together?
    >


    I've heard similar arguments before. In the 90s how long was it supposed to take
    to break 56bit DES? Millions of years I think. I've even heard that recently
    about WEP. Someone still believes it can't be broken in a life-time. (I should
    have grabbed his handkerchief so we would have a DNA sample.)



    --

    Dave Keays
     
    Dave Keays, Jan 24, 2006
    #17
  18. Joseph

    blackhat Guest

    Well it looks like the trolls are back,

    >>Spammer.


    That would be you troll

    >>It's not necessary to go through your data mining site to get Password
    >>Safe. Here is the actual URL people....


    >http://passwordsafe.sourceforge.net/


    > * www.privacyoffshore.net (no logs Internet) * Anonymous Secure Offshore


    >>Bradenton, Florida is off shore now? Or did you mean off shore from some
    >>other perspective?


    > SHH-2 Surfing Tunnels * Anonymous Mail & News through SHH-2 Tunnels * Free
    > Resources and Privacy Software


    >>Anonymous, Eh? Perhaps you can explain how you can offer any real
    >>anonymity in light of the fact that you're a subscription based, single
    >>point of contact, and open to easy traffic analysis as a result of
    >>being real time...??


    >>Why are you using squid if you're not logging?


    >>Where would these alleged "off shore" servers reside? Care to name them?
    >>Or are you afraid to have them scrutinized? Maybe they're not as off shore
    >>as you claim?


    >>Over half your "advertised" servers are inside EU member nations. Are you
    >>unaware of the recent developments regarding forced logging of ALL
    >>connection data in those member nations? The forced log retention? Or do
    >>you just not care?


    >>Why do you still have servers in Hong Kong after it's been shown that it's
    >>easier to force information out of that Government than it is to get it
    >>(legally) in the US?


    >>Why are you stealing bandwidth from the Tor network for your profit? If
    >>you're really an ANONYMOUS service, why would you need it?


    Go crawl under your rock troll and read their web site, stay anonymous
    and use re-mailers, then we'll know you haven't got an agenda, LOL
     
    blackhat, Jan 24, 2006
    #18
  19. Joseph

    Lars Guest

    If you use letters, numbers, symbols and non-printable characters such
    as esc, and other commands, the real number of password combinations
    would be 256^n different ones, where n is the number of characters in
    your password. For a 7 digit password, there would be 72057594037927936
    different pwd combinations. That's a lot.
     
    Lars, Jan 24, 2006
    #19
  20. Lars wrote:

    > If you use letters, numbers, symbols and non-printable characters such as
    > esc, and other commands, the real number of password combinations would be
    > 256^n different ones, where n is the number of characters in your password.
    > For a 7 digit password, there would be 72057594037927936 different pwd
    > combinations. That's a lot.


    Stick to letters, numbers, and symbols like !_@#$%&*. There's plenty of
    characters to choose from to make sufficiently strong pass phrases, and
    more than one time I've seen those "unprintable" characters booger up a
    pass phrase to the point a private PGP key had to be pitched, and a
    couple of logins had to have the passwords reset by root. It's tempting to
    add that extra key space, but trust me, it's more trouble than it's worth
    if it goes south on you. :(
     
    George Orwell, Jan 24, 2006
    #20
