[Homeroast] Email security ideas

Joseph Robertson theotherjo at gmail.com
Tue Mar 23 15:02:05 CDT 2010


Jim,
Very nice to hear from a pro whose job it is to manage security on systems.
As to how much work am I willing to spend on thwarting efforts? I have been
the victim of ID theft more than once. As you probably know there are free
and very inexpensive password tools out there to generate and auto fill for
you so not really much effort for personal system security.
I am curious: I just generated this password "H&vhAtL27^5E$x at 5CL9%XUt#cYC!"
How long would it take your best team with the best tools out there to crack
this 168 bit password?
Joe



On Tue, Mar 23, 2010 at 12:16 PM, Jim Carter <jcarter at ambersystems.com> wrote:

> The ideas discussed in this thread are sound.  You CAN do things to improve
> the security of your passwords. Password length (longer is better), mixed
> case throughout, combination of numbers and letters, etc. Match the
> complexity to the importance of avoiding a security breach.
>
> I do computer forensics. We have password crackers for getting into
> password-protected files. I've got one running right now on a Microsoft
> Excel 2007 file. Because Microsoft Office uses 128-bit AES encryption this
> is a brute-force attack. It will try billions of passwords. This may take
> weeks, but we'll likely bust through.
>
> The point of my example is this: A true brute-force attack of a long
> password comprised of a random mix of characters (upper and lower case) and
> numbers could literally take years on a machine (or machines) with lots of
> horsepower and hardware accelerators. However, we can considerably shorten
> the duration if we can make some reasonable guesses at patterns the user may
> have followed.
>
> I guess it comes down to a question of whether or not the juice is worth
> the squeeze. How hard will somebody try to guess/crack your password? How
> much effort are you willing to expend to thwart their efforts?
>
> - Jim
>
>
> On Tue, 23 Mar 2010 14:34:43 -0400, Christopher Navarro <
> cnavarro2 at gmail.com> wrote:
>
>> As for completely random passwords, that's not possible either.  Nor is
>> gibberish impossible to guess.  :)   Security by obscurity just doesn't
>> work, no matter how obscure.
>>
>> -Chris
>>
>> On Tue, Mar 23, 2010 at 11:49 AM, Allon Stern <allon at radioactive.org>
>> wrote:
>>
>>
>>> On Mar 23, 2010, at 11:35 AM, Christopher Navarro wrote:
>>>
>>> > Another issue is passwords that can be easily guessed so you might want to
>>> > use a password manager such as:  http://keepass.info/ for Windows or
>>> > http://www.keepassx.org/ for other desktop platforms, both are free.
>>> >
>>> > You can read more, also at Lifehacker, here:
>>> > http://lifehacker.com/5042616/five-best-password-managers
>>> >
>>> > You can use password managers to generate difficult to guess passwords and
>>> > store hard to guess password security questions, as suggested by Ryan.
>>>
>>> I really like Password Wallet. I've been using it for many years - I have
>>> unique completely random passwords for just about every site. I use
>>> primarily the Macintosh version.
>>> http://www.selznick.com/products/passwordwallet/index.htm
>>>
>>> And as for password security questions, hard to guess is not unguessable. I
>>> usually make 'em gibberish. Most security questions are much weaker than my
>>> passwords.
>>> -
>>> allon
>>>
>>>
>>> _______________________________________________
>>> Homeroast mailing list
>>> Homeroast at host.sweetmariascoffee.com
>>>
>>>
>>> http://host.sweetmariascoffee.com/mailman/listinfo/homeroast_lists.sweetmariascoffee.com
>>> Homeroast community pictures -upload yours!) :
>>> http://www.sweetmariascoffee.com/gallery/main.php?g2_itemId=7820
>>>
>
>
> --
> James B. Carter
> Amber Systems, Incorporated
> 248-652-3140
>
>



-- 
Ambassador for Specialty Coffee and palate reform.
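
Added example, not part of the original messages: a Python sketch of the keyspace arithmetic behind the thread's two points, the 168-bit figure for a long random password and the much smaller search space once a pattern can be guessed. The 28-character length, the 64-symbol alphabet, the 1e9 guesses-per-second rate, the sample password and the word-list size are all assumptions made for illustration.

```python
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Character classes used to estimate the alphabet a password was drawn from.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Sum the sizes of every character class that appears in the password."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def random_bits(length, symbols):
    """Entropy in bits of `length` symbols chosen uniformly and independently."""
    return length * math.log2(symbols)


def pattern_bits(choices):
    """Entropy in bits of a password built from independent choices,
    one entry per slot (e.g. dictionary size, digit suffixes, symbols)."""
    return sum(math.log2(n) for n in choices)


def years_to_exhaust(bits, guesses_per_second):
    """Worst-case time to try the whole 2**bits search space, in years."""
    return 2.0 ** bits / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1e9  # assumed guesses per second, not a figure from the thread
    sample = "k7#Qw!zR"  # constructed sample password
    cases = {
        # Assumed: 28 characters at 6 bits each gives 168 bits.
        "28 random chars, 64-symbol alphabet": random_bits(28, 64),
        "constructed sample, if truly random":
            random_bits(len(sample), alphabet_size(sample)),
        # Assumed pattern: one word from a 100,000-word list, 2 digits, 1 symbol.
        "word + 2 digits + symbol": pattern_bits([100_000, 100, 32]),
    }
    for label, bits in cases.items():
        years = years_to_exhaust(bits, rate)
        print(f"{label}: {bits:.1f} bits, {years:.3g} years to exhaust")
```

The character-class estimate is an upper bound that only holds for machine-generated passwords; a human-chosen password that happens to use all four classes has far less entropy than the figure suggests.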

