[Homeroast] Email security ideas

Jim Carter jcarter at ambersystems.com
Tue Mar 23 14:16:46 CDT 2010


The ideas discussed in this thread are sound.  You CAN do things to  
improve the security of your passwords. Password length (longer is  
better), mixed case throughout, combination of numbers and letters, etc.  
Match the complexity to the importance of avoiding a security breach.

I do computer forensics. We have password crackers for getting into  
password-protected files. I've got one running right now on a Microsoft  
Excel 2007 file. Because Microsoft Office uses 128-bit AES encryption this  
is a brute-force attack. It will try billions of passwords. This may take  
weeks, but we'll likely bust through.

The point of my example is this: A true brute-force attack of a long  
password comprised of a random mix of characters (upper and lower case) and  
numbers could literally take years on a machine (or machines) with lots of  
horsepower and hardware accelerators. However, we can considerably shorten  
the duration if we can make some reasonable guesses at patterns the user  
may have followed.

I guess it comes down to a question of whether or not the juice is worth  
the squeeze. How hard will somebody try to guess/crack your password? How  
much effort are you willing to expend to thwart their efforts?

- Jim

On Tue, 23 Mar 2010 14:34:43 -0400, Christopher Navarro  
<cnavarro2 at gmail.com> wrote:

> As for completely random passwords, that's not possible either.  Nor is
> gibberish impossible to guess.  :)   Security by obscurity just doesn't
> work, no matter how obscure.
>
> -Chris
>
> On Tue, Mar 23, 2010 at 11:49 AM, Allon Stern <allon at radioactive.org> wrote:
>
>>
>> On Mar 23, 2010, at 11:35 AM, Christopher Navarro wrote:
>>
>> > Another issue is passwords that can be easily guessed so you might want to
>> > use a password manager such as:  http://keepass.info/ for windows or
>> > http://www.keepassx.org/ for other desktop platforms, both are free.
>> >
>> > You can read more, also at lifehacker, here:
>> > http://lifehacker.com/5042616/five-best-password-managers
>> >
>> > You can use password managers to generate difficult to guess passwords and
>> > store hard to guess password security questions, as suggested by Ryan.
>>
>> I really like Password Wallet. I've been using it for many years - I have
>> unique completely random passwords for just about every site. I use
>> primarily the Macintosh version.
>> http://www.selznick.com/products/passwordwallet/index.htm
>>
>> And as for password security questions, hard to guess is not unguessable. I
>> usually make 'em gibberish. Most security questions are much weaker than my
>> passwords.
>> -
>> allon
>>
>>
>> _______________________________________________
>> Homeroast mailing list
>> Homeroast at host.sweetmariascoffee.com
>>
>> http://host.sweetmariascoffee.com/mailman/listinfo/homeroast_lists.sweetmariascoffee.com
>> Homeroast community pictures -upload yours!) :
>> http://www.sweetmariascoffee.com/gallery/main.php?g2_itemId=7820
>>


-- 
James B. Carter
Amber Systems, Incorporated
248-652-3140
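
Added example, not part of the original message: a defender-side estimate of the gap Jim describes between an exhaustive search over a random mixed-case alphanumeric password and a search narrowed by a guessed pattern. The shape list, class sizes, function names and sample passwords are assumptions constructed for illustration.

```python
import math
import re

# Assumed alphabet sizes per character class (printable ASCII).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 33}

# Assumed list of easily guessed shapes: optional capital, lowercase run,
# trailing digits; all lowercase; all digits. A real audit would use more.
COMMON_SHAPES = re.compile(r"^(?:[A-Z]?[a-z]+[0-9]+|[a-z]+|[0-9]+)$")

def char_class(ch):
    """Map one character to the class a guesser would assign it."""
    if "a" <= ch <= "z":
        return "lower"
    if "A" <= ch <= "Z":
        return "upper"
    if "0" <= ch <= "9":
        return "digit"
    return "symbol"

def naive_bits(pw):
    """Search space (in bits) when every position may hold any character
    from the union of the classes the password uses."""
    if not pw:
        return 0.0
    alphabet = sum(CLASS_SIZES[c] for c in {char_class(ch) for ch in pw})
    return len(pw) * math.log2(alphabet)

def effective_bits(pw):
    """Search space (in bits) once a common shape is guessed: each position
    is limited to its own class. Unpatterned passwords keep the naive value."""
    if COMMON_SHAPES.match(pw):
        return sum(math.log2(CLASS_SIZES[char_class(ch)]) for ch in pw)
    return naive_bits(pw)

def speedup(pw):
    """How many times smaller the pattern-guided search is than the naive one."""
    return 2 ** (naive_bits(pw) - effective_bits(pw))

if __name__ == "__main__":
    # Constructed samples: same length and classes, different structure.
    for pw in ("Coffee2010", "q7Rw2ZpK9d"):
        print(f"{pw}: naive {naive_bits(pw):.1f} bits, "
              f"effective {effective_bits(pw):.1f} bits, "
              f"search shrinks {speedup(pw):,.0f}x")
```

Both samples have ten characters drawn from the same three classes; only the one that follows a word-plus-year shape loses search space to pattern guessing.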


