[Homeroast] Email security ideas
jcarter at ambersystems.com
Tue Mar 23 14:16:46 CDT 2010
The ideas discussed in this thread are sound. You CAN do things to
improve the security of your passwords. Password length (longer is
better), mixed case throughout, combination of numbers and letters, etc.
Match the complexity to the importance of avoiding a security breach.

I do computer forensics. We have password crackers for getting into
password-protected files. I've got one running right now on a Microsoft
Excel 2007 file. Because Microsoft Office uses 128-bit AES encryption this
is a brute-force attack. It will try billions of passwords. This may take
weeks, but we'll likely bust through.

The point of my example is this: A true brute-force attack of a long
password comprised of a random mix of characters (upper and lower case) and
numbers could literally take years on a machine (or machines) with lots of
horsepower and hardware accelerators. However, we can considerably shorten
the duration if we can make some reasonable guesses at patterns the user
may have followed.

I guess it comes down to a question of whether or not the juice is worth
the squeeze. How hard will somebody try to guess/crack your password? How
much effort are you willing to expend to thwart their efforts?

On Tue, 23 Mar 2010 14:34:43 -0400, Christopher Navarro
<cnavarro2 at gmail.com> wrote:
> As for completely random passwords, that's not possible either. Nor is
> gibberish impossible to guess. :) Security by obscurity just doesn't
> work, no matter how obscure.
> On Tue, Mar 23, 2010 at 11:49 AM, Allon Stern <allon at radioactive.org>
>> On Mar 23, 2010, at 11:35 AM, Christopher Navarro wrote:
>> > Another issue is passwords that can be easily guessed so you might
>> > use a password manager such as: http://keepass.info/ for windows or
>> > http://www.keepassx.org/ for other desktop platforms, both are free.
>> > You can read more, also at lifehacker, here:
>> > http://lifehacker.com/5042616/five-best-password-managers
>> > You can use password managers to generate difficult to guess passwords
>> > store hard to guess password security questions, as suggested by Ryan.
>> I really like Password Wallet. I've been using it for many years - I
>> unique completely random passwords for just about every site. I use
>> primarily the Macintosh version.
>> And as for password security questions, hard to guess is not
>> unguessable. I usually make 'em gibberish. Most security questions
>> are much weaker than my
>> Homeroast mailing list
>> Homeroast at host.sweetmariascoffee.com
>> Homeroast community pictures -upload yours!) :
James B. Carter
Amber Systems, Incorporated