Don Knots
Akkio Innovations
0
|
Posted - 2012.04.30 03:46:00 -
[61] - Quote
You mean people are still using passwords that they have to remember?
One Winning Word: KeePass.
FTW. |
leviticus ander
CATO.nss
149
|
Posted - 2012.04.30 03:52:00 -
[62] - Quote
Don Knots wrote: You mean people are still using passwords that they have to remember?
One Winning Word: KeePass.
FTW.
No matter how good their repute is, I would never use a program like that. |
Ayame Tao
State War Academy Caldari State
5
|
Posted - 2012.05.01 09:19:00 -
[63] - Quote
leviticus ander wrote: Don Knots wrote: You mean people are still using passwords that they have to remember?
One Winning Word: KeePass.
FTW.
No matter how good their repute is, I would never use a program like that.
*boggle*
What? Why?
Well, okay, I suppose it is your prerogative, but honestly, free security programs like KeePass are the saving grace for the extremely insecure constraints of usernames and passwords.
You could use a passphrase like Correct Horse Battery Staple as xkcd points out, or use Caha's method (which is similar to what I used before KeePass) but with modern methods, anything based on dictionary words (in any language) or without enough bits (128+) is going to take a dedicated attacker less time to break than it takes to train a level 4 skill.
Passwords are like suicide ganking. It's only a matter of how much resources the attacker has to throw at it to kill you.
Using a dictionary word with some leetspeak added to it is the equivalent of taking a totally untanked Hulk with a shipname of 'Hulkageddonists Are W*nkers' and going AFK in the Perimeter asteroid belts.
Using a generated strong password in KeePass is more like using a fully tanked mining Rokh - they can still get you eventually, but it's so much harder that hopefully they won't bother.
|
Sarina Berghil
Adhocracy Incorporated Adhocracy
32
|
Posted - 2012.05.01 11:59:00 -
[64] - Quote
When people use unsafe password practices they have a reason for doing so, most often because the safe practices are too inconvenient.
Creating arbitrary limitations only forces those people into using even more unsafe practices, as Vaerah Vahrokha's story illustrates.
How many of us can remember 20 safe passwords? |
Wodensun
ZeroSec
1
|
Posted - 2012.05.01 15:52:00 -
[65] - Quote
rainbow tables.
Cloud computing.
You know you can just rent a stack of servers right and run your malicious stuff on that... kinda like amazon does.... |
Alain Kinsella
104
|
Posted - 2012.05.01 19:29:00 -
[66] - Quote
Sarina Berghil wrote: When people use unsafe password practices they have a reason for doing so, most often because the safe practices are too inconvenient.
Creating arbitrary limitations only forces those people into using even more unsafe practices, as Vaerah Vahrokha's story illustrates.
How many of us can remember 20 safe passwords?
Yeah, that story was nuts. At that point you may as well implement an OTP strategy (like SecurID) and be done with it. [For the record, I've had two SID at one point - the second one to access a client's network so I could update our monitoring software. While it got tedious at times, I understood the reasons and lived with it.]
Remembering new passwords can be a pain, yes, but you just need to be a bit creative in generating new ones. I've been doing that since my first UNIX account in 1991. Annoying? You bet. But worth the peace of mind.
@ Caha Evano - thanks for that link, good to see his site is still alive and kicking.
@ CCP Sreegs - If you're contemplating OTP apps, please do not forget those of us still on Blackberries. Thanks. (This is fine for a game, but I do prefer having physical tokens for work.) I may have come here from Myst Online, but that does not make me any less bloodthirsty than the average Eve player.
Just more subtle.
|
leviticus ander
CATO.nss
149
|
Posted - 2012.05.02 00:13:00 -
[67] - Quote
Wodensun wrote: rainbow tables.
Cloud computing.
You know you can just rent a stack of servers right and run your malicious stuff on that... kinda like amazon does....
I think you guys are basing this off of the old authentication methods. Rainbow tables are alright, but are pretty much hopeless for anything bigger than 7-8 characters. This is a video I made for a class project: Password Cracking for dummies. I did actually download the 400GB rainbow table; it's for 7 characters made of any legal password character. I also have an alphanumeric 8 character rainbow table. As for manually cracking passwords, while it's reasonable, it's not as easy as you guys seem to be implying. To do an 80k word hybrid dictionary attack, it would take my 4.8GHz quad core about 2-3 weeks to process. Also, all those words are single words, meaning that putting 2 words together won't be cracked. With Windows 7 at least, if you have a 12-14 character password with a good mix of types of characters, it'll be effectively unbreakable for the next few years. And by the time it is reasonably breakable, they will have probably made a better authentication system. Cloud computing is usable, but it's about as bad as my computer since they are generally sitting at about 2-2.5GHz. If you are really up for cracking passwords, renting a botnet for computing is probably your best bet. |
Shian Yang
38
|
Posted - 2012.05.02 00:39:00 -
[68] - Quote
leviticus ander wrote: Wodensun wrote: rainbow tables.
Cloud computing.
You know you can just rent a stack of servers right and run your malicious stuff on that... kinda like amazon does....
I think you guys are basing this off of the old authentication methods. Rainbow tables are alright, but are pretty much hopeless for anything bigger than 7-8 characters. This is a video I made for a class project: Password Cracking for dummies. I did actually download the 400GB rainbow table; it's for 7 characters made of any legal password character. I also have an alphanumeric 8 character rainbow table. As for manually cracking passwords, while it's reasonable, it's not as easy as you guys seem to be implying. To do an 80k word hybrid dictionary attack, it would take my 4.8GHz quad core about 2-3 weeks to process. Also, all those words are single words, meaning that putting 2 words together won't be cracked. With Windows 7 at least, if you have a 12-14 character password with a good mix of types of characters, it'll be effectively unbreakable for the next few years. And by the time it is reasonably breakable, they will have probably made a better authentication system. Cloud computing is usable, but it's about as bad as my computer since they are generally sitting at about 2-2.5GHz. If you are really up for cracking passwords, renting a botnet for computing is probably your best bet.
Greetings capsuleer,
You may not be aware of this, but modern GPUs are more capable at this task than their CPU equivalents.
Regards,
Shian Yang |
leviticus ander
CATO.nss
149
|
Posted - 2012.05.02 09:37:00 -
[69] - Quote
Shian Yang wrote: Greetings capsuleer, You may not be aware of this, but modern GPUs are more capable at this task than their CPU equivalents. Regards, Shian Yang
Maybe for the hybrid dictionary attack. But like I said, as long as you use 12-14 characters, you're pretty much safe for the moment thanks to exponential increase in difficulty. |
Steve Ronuken
Fuzzwork Enterprises
392
|
Posted - 2012.05.02 10:18:00 -
[70] - Quote
And rainbow tables become pretty much useless when you have a salted password.
FuzzWork Enterprises http://www.fuzzwork.co.uk/ Blueprint calculator, invention chance calculator, isk/m3 Ore chart and other 'useful' utilities. |
|
leviticus ander
CATO.nss
149
|
Posted - 2012.05.02 10:21:00 -
[71] - Quote
Steve Ronuken wrote: And rainbow tables become pretty much useless when you have a salted password.
Pretty much everything becomes useless with modern salted passwords. Windows doesn't use it, so that still allows you to use rainbow tables on about 95%+ of the market share. |
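An added illustration of the salting point raised in posts [70] and [71], not code posted by anyone in the thread: a precomputed hash-to-password lookup (a plain dictionary standing in for a rainbow table, which additionally uses hash chains to save space) matches unsalted SHA-256 hashes but finds nothing once every record has its own random salt. The candidate list, function names and PBKDF2 parameters are assumptions chosen for the example.

```python
import hashlib
import hmac
import os

# Constructed candidate list: the passwords a precomputed table happens to cover.
CANDIDATES = ["hunter2", "password", "letmein", "qwerty12"]

def unsalted_hash(password):
    return hashlib.sha256(password.encode()).hexdigest()

def build_table(candidates):
    """Computed once, then reusable against every unsalted hash dump."""
    return {unsalted_hash(p): p for p in candidates}

def salted_record(password, iterations=100_000):
    """Store (salt, iterations, digest); the salt is random per account."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def verify(password, record):
    """Login check: recompute with the stored salt, compare in constant time."""
    salt, iterations, digest = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(attempt, digest)

def table_hits(table, stored_hex):
    return [table[h] for h in stored_hex if h in table]

def demo():
    table = build_table(CANDIDATES)
    # Two accounts sharing one password (constructed sample data).
    unsalted_db = [unsalted_hash("hunter2"), unsalted_hash("hunter2")]
    rec_a, rec_b = salted_record("hunter2"), salted_record("hunter2")
    salted_db = [rec_a[2].hex(), rec_b[2].hex()]
    return {
        "unsalted_hits": table_hits(table, unsalted_db),
        "salted_hits": table_hits(table, salted_db),
        "identical_salted_digests": rec_a[2] == rec_b[2],
        "login_still_works": verify("hunter2", rec_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt does not make a weak password strong; it removes the reuse of precomputed work, so each record has to be attacked separately at the cost set by the iteration count.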
Ayame Tao
State War Academy Caldari State
7
|
Posted - 2012.05.02 11:22:00 -
[72] - Quote
So why then is KeePass something you wouldn't use?
Considering it can generate passwords of mixed case alphanumeric + special characters of 256+ bits (1000 bits if you want) and have individual passwords for each site/game/account that are easily managed.
Using a composite master key mitigates the risk of compromise.
If somebody managed to compromise my machine to the level required where they could compromise my KeePass password and compromise my USB drive key, I've got bigger problems than password integrity.
Generated KeePass passwords of suitable length and complexity (herein is a bigger problem in the number of places you are restricted to 6 letters and no special characters etc) would take some serious brute forcing, beyond even retasked GPUs or application specific integrated circuits available to anyone who isn't a national level 3 letter agency. |
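An added example, not part of any post and not KeePass's own code, putting numbers on the "128+ bits" figure from post [63] and the "restricted to 6 letters and no special characters" complaint in post [72]: it generates passwords with a CSPRNG and reports the entropy a given alphabet and length cap allow. The function names, the `max_length` policy cap and the 2048-word list size are assumptions for illustration.

```python
import math
import secrets
import string

FULL = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
LETTERS = string.ascii_lowercase                                   # 26 symbols

def entropy_bits(alphabet_size, length):
    """Entropy in bits, valid only when every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def min_length(alphabet_size, target_bits):
    """Shortest length whose uniform-random entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def generate(alphabet, target_bits, max_length=None):
    """Return (password, bits achieved).

    max_length is a hypothetical site policy cap; when it is lower than the
    length the target needs, the achieved entropy falls short of the target.
    """
    symbols = sorted(set(alphabet))
    length = min_length(len(symbols), target_bits)
    if max_length is not None:
        length = min(length, max_length)
    password = "".join(secrets.choice(symbols) for _ in range(length))
    return password, entropy_bits(len(symbols), length)

def report():
    """Entropy for three cases discussed in the thread."""
    return {
        "94 symbols, 128-bit target": generate(FULL, 128)[1],
        "lowercase only, capped at 6": generate(LETTERS, 128, max_length=6)[1],
        # Four words drawn at random from an assumed 2048-word list.
        "4 random words of 2048": entropy_bits(2048, 4),
    }

if __name__ == "__main__":
    for label, bits in report().items():
        print(f"{label}: {bits:.1f} bits")
```

These figures apply to randomly generated secrets only; a word or pattern a person picks has far less entropy than its length suggests.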
Doctor Ungabungas
GoonWaffe Goonswarm Federation
91
|
Posted - 2012.05.02 11:26:00 -
[73] - Quote
supersexysucker wrote: CCP Sreegs wrote: This will be reviewed when we institute the two factor option in the next couple of months.
Or you could just give us a ******* warning and let us do WHAT we want.
What you want makes extra work for CCP. Hiring extra GM's to deal with your hacked accounts costs them extra money.
If CCP are willing to charge you a $5 a month 'I'm a ****** who is more likely to be hacked' surcharge that goes towards hiring more GM's, I think it's a fantastic idea. |
Ave Kathrina
Center for Advanced Studies Gallente Federation
1
|
Posted - 2012.05.02 12:23:00 -
[74] - Quote
supersexysucker wrote: I do not change my pw BECAUSE of CCPs dumb **** can't put in an old one... need a cap letter now, etc bullshit.
I WILL PICK MY OWN FUCKIN PASSWORD.
Be nice if someone would steal all CCPs stored old passwords rofl...
The mail they would need to send out would be LOL...
"Every password you ever used in eve online has been stolen, please make sure to change any accounts using any of these passwords, we enjoy fuckin you"
Also for the retart tinnin... why not ask CCP for an onscreen in game keyboard to enter log in info... I mean if we need to make
PW's a *****... what about keyloggers PLEASE PROTECT ME FROM KEY LOGGERS CCP.
Sounds like a baby that needs someone to protect him... lul.
You know what hackers did when people thought on screen keyboards were secure? They just wrote a screen capture tool. |
Iamien
Dreddit Test Alliance Please Ignore
193
|
Posted - 2012.07.10 17:02:00 -
[75] - Quote
Seriously, I want to use hunter2 again. |
Micheal Dietrich
Kings Gambit Black
529
|
Posted - 2012.07.10 17:05:00 -
[76] - Quote
Seriously, again? Is this going to be your hobby for the day necro'ing threads that are about to be locked to time? |
Jimmy Gunsmythe
Republic Military School Minmatar Republic
69
|
Posted - 2012.07.10 20:35:00 -
[77] - Quote
supersexysucker wrote: CCP Sreegs wrote: This will be reviewed when we institute the two factor option in the next couple of months.
Or you could just give us a ******* warning and let us do WHAT we want.
IB4 'Sandbox' comments?
I just hate having to capitalize letters. I understand it makes the password more secure but given that I make up words for passwords, I'm not too worried about getting hacked. A good predator knows how to live in balance with his prey, lest he follow them into oblivion. |