[Reader-list] Passwords

Bijoyini bijoyinic at yahoo.com
Tue Oct 8 03:06:54 IST 2002


Of course - especially in Windows. However, keeping a
strong passphrase is not sufficient in compromising a
machine. Take for example the Nimda virus I had in my
machine 2 weeks ago that created a backdoor to
god-knows-who :-<.

I guess my only point was that passphrases are
stronger, easier to remember and harder to crack
amongst security experts than passwords.

http://world.std.com/~reinhold/diceware.html

--Bijoyini


--- Supreet <supreet at sarai.net> wrote:
> 
> But as the saying goes, "A chain is as strong as its weakest link", once a
> machine has been 0wned then any program that runs on it could be passing
> information to the cracker. So enforcing security means asking your peers to
> keep tough passwords or pass phrases. Which may not be easy.
> 
> 
> On Mon, Oct 07, 2002 at 11:30:26AM -0700, Bijoyini wrote:
> > 
> > In addition to just a word, some applications now have
> > the ability to accept passPHRASES (as opposed to
> > passWORDS). So you can type in a whole sentence
> > instead of just a word. It is harder to hack if you
> > think of all the permutations involved in hacking a
> > sentence instead of a word. Moreover, a password is
> > chosen from the set of symbols that include
> > alphabets, numbers and some special characters. This
> > set of symbols is small. A passphrase is selected from
> > the natural language dictionary that typically
> > comprises 10 000 words to 500 000 words (for a
> > range of users). This set is larger than the set of
> > alphabets.
> > 
> > Some claim that it is also easier to remember "I l0ve
> > m0vies, f00tball, f00twear and gr00ve" (letter O
> > replaced by number zero) than "rt34fd0".
> > 
> > 
> > > -- Base the password on mnemonics or acronyms, not words or names.
> > > Use your favourite song titles, movies, football teams as starters.
> > > It's got to be something that you know a lot about, but not something
> > > that other people can find out about you--such as your birthday, your
> > > place of birth, or your kids' names. The first letters of the movie
> > > The Year of Living Dangerously, for example, could be used in
> > > conjunction with its two main stars, Mel Gibson and Sigourney Weaver,
> > > to read "tyoldmgsw."
> > > 
> > > -- That's just the start. Now you have something you can remember,
> > > but it's still just basic letters. You need to turn some of them into
> > > numbers, punctuation symbols and capitals. Try turning the o into a
> > > similar-looking zero, the l into a one and the s into a five. That
> > > would give you "ty01dmg5w" which is a lot better, and still easy to
> > > remember, since the numbers are similar to the letters they've
> > > replaced.
> > > 
> > > -- This, sadly, is still not good enough. The people who write
> > > hacking programs are on to this kind of trick, so your password is
> > > still vulnerable. It needs an extra trick or two. Try capitalizing
> > > the family-name letters, alter the 0 to similar-looking bracket marks
> > > (), and move the numeric characters one key to the left on your
> > > keyboard.
> > > 
> > > If your passwords are as good as that, then you should be safe. But
> > > there's still a weakness, and it's still human. Never give your
> > > passwords to anyone, don't reuse them for different accounts, and
> > > change them every few months. Store them on your personal digital
> > > assistant if you like, but remember that, even if it's in a
> > > well-encrypted file, all your valuable info is just one password away
> > > from being accessed by someone. If they steal your device, chances
> > > are they're eager enough to try to crack the password protecting all
> > > your passwords. Passwords are better kept in your head, triggered by
> > > things you'll never forget.
> > > 
> > > Now, if you'll excuse me, since I've told you my password I've got to
> > > go make up a new one.
> > > 
> > > Write to me at jeremy.wagstaff at feer.com
> > > _________________________________________
> > > reader-list: an open discussion list on media and the city.
> > > Critiques & Collaborations
> > > To subscribe: send an email to reader-list-request at sarai.net with
> > > subscribe in the subject header.
> > > List archive: <https://mail.sarai.net/pipermail/reader-list/>
> > 
> > 
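The search-space comparison made in the quoted message (a small symbol set versus a dictionary of 10 000 to 500 000 words), worked through as an added example that is not part of the original thread. It assumes every character or word is chosen uniformly at random, as in the Diceware scheme linked above (five dice rolls per word, 7776-word list); the short word list and the function names in the code are constructed for illustration.

```python
import math
import secrets

DICEWARE_LIST_SIZE = 6 ** 5  # 7776 words: five dice rolls select one word

# Constructed sample list for illustration only; a real list needs thousands
# of entries, because the entropy comes from the list size, not the words.
SAMPLE_WORDS = ["movie", "football", "groove", "river", "lamp", "cloud"]

def entropy_bits(pool_size, length):
    """Bits of entropy for `length` items drawn uniformly at random from a pool."""
    return length * math.log2(pool_size)

def words_needed(target_bits, dictionary_size):
    """Smallest number of random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(dictionary_size))

def dice_to_index(rolls):
    """Map five dice rolls (each 1-6) to a word index 0..7775 (base-6 number)."""
    if len(rolls) != 5 or any(r not in range(1, 7) for r in rolls):
        raise ValueError("need exactly five rolls, each between 1 and 6")
    index = 0
    for r in rolls:
        index = index * 6 + (r - 1)
    return index

def generate_passphrase(wordlist, n_words):
    """Pick words with a CSPRNG; a self-chosen sentence has far less entropy."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    pw = entropy_bits(36, 7)    # 7 chars from a-z0-9, like "rt34fd0"
    print(f"7-char a-z0-9 password : {pw:.1f} bits")
    for size in (DICEWARE_LIST_SIZE, 10_000, 500_000):
        print(f"4 words from {size:>7} : {entropy_bits(size, 4):.1f} bits; "
              f"{words_needed(pw, size)} words match the password")
    print(generate_passphrase(SAMPLE_WORDS, 4))
```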