hello

Björnke von Gierke bvg at mac.com
Sat Jun 9 09:20:36 EDT 2012


A recent article on Ars Technica suggested to use longer passwords instead of weirder ones. Basically this was about the most prolific illicit password gain method: the database grab, when whole lists of passwords are stolen. Most passwords are somehow one-way encoded (if done decently with a salt added, and not using md5 (has been cracked)). The salt has to be stored in the database, so the one-way or trap door encoded string rises in complexity with length.

Therefore, the longer a password, the less is the need for inserting random non-ASCII chars, capitalisation and unknown words. One should try to not use the most common grammar, and also use weird words, because some things can be inferred from grammar or average word occurrence otherwise, but it's mostly about length, and that it's harder to break with brute force methods. Basically the argument was that the following pass-sentence is more secure than for example "D8%a(b9a":

acryptographicrevelationforme:thisissomewhateasytorememberyetoneofthemostsecurepasswordsthaticanconjure

The research mentioned in the article showed that this approach when using four words (!) was only slightly more secure than using 8 random chars, due to natural language following certain rules (so use bad syntax and uncommon words to make it more secure, or just use more words). This was a surprise, because the thought was it should be much _more_ secure than a short random string of chars. However, it's still a bit better, but more importantly: Vastly more user friendly!

http://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/
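To put numbers on the "four words vs. eight random characters" comparison, here is an added example (not part of the original post) that estimates the search space of each sample under two attacker models and keeps the cheaper one: per-character brute force, and whole-word guessing from a dictionary. The 7776-word dictionary size, the four-word passphrase and the word split of the long sentence are assumptions constructed for the example.

```python
import math
import string

# Character classes a brute-force attacker enumerates. The search space of a
# password is (size of the classes it actually uses) ** length.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

# Assumed dictionary size for a word-guessing attacker (the 7776-word
# Diceware list is a common reference point; the figure is an assumption).
DICT_SIZE = 7776


def charset_bits(password: str) -> float:
    """Bits of search space against an attacker who guesses character by
    character, knowing the length and which character classes were used."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return len(password) * math.log2(size)


def word_bits(words, dict_size: int = DICT_SIZE) -> float:
    """Bits against an attacker who guesses whole dictionary words. For a
    grammatical sentence this is an upper bound: word order and frequency
    follow rules, which is why the study found four words roughly on par
    with eight random characters."""
    return len(words) * math.log2(dict_size)


def strength_bits(password: str, words=None, dict_size: int = DICT_SIZE) -> float:
    """Effective strength: the attacker picks whichever model is cheaper,
    so the credential is only as strong as its weakest model."""
    bits = charset_bits(password)
    if words:
        bits = min(bits, word_bits(words, dict_size))
    return bits


# Constructed samples: the random string from the post, an assumed four-word
# passphrase, and the post's long sentence (joined without the colon).
RANDOM_PW = "D8%a(b9a"
FOUR_WORDS = ["cryptographic", "revelation", "conjure", "somewhat"]
LONG_WORDS = ("a cryptographic revelation for me this is somewhat easy to "
              "remember yet one of the most secure passwords that i can conjure").split()


def compare() -> dict:
    """Effective bits of each sample under the cheapest attacker model."""
    return {
        "random8": strength_bits(RANDOM_PW),
        "four_words": strength_bits("".join(FOUR_WORDS), FOUR_WORDS),
        "sentence": strength_bits("".join(LONG_WORDS), LONG_WORDS),
    }


if __name__ == "__main__":
    for name, bits in compare().items():
        print(f"{name:>10}: {bits:6.1f} bits")
```

Under the dictionary model the four-word passphrase (about 51.7 bits) comes out just below the eight random characters (about 52.4 bits), while the 22-word sentence is far beyond either, which is the length argument the post makes.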



On 01.06.2012, at 10:46, Richmond wrote:

> On 06/01/2012 01:18 AM, Kay C Lan wrote:
>> If you don't mind me asking, what was your old password. I don't need the
>> exact, I'm just wondering if it was 'my birthday' or like '12345' or
>> something that would be considered weak.
>> 
>> I'm just interested in how sophisticated the attack was.
>> 
>> My passwords are getting more complex, but I'm wondering if I'm keeping
>> ahead of the game.
>> 
>> 
> 
> I have a finger, a Bible and a box of buttons:
> 
> 1. Flip open the Bible with my finger, at reasonably random.
> 
> 2. Choose the whackiest word on the page (OK, OK, not 'that' random; stick to the Hebrew Bible, aka Old Testament).
> 
> 3. Grab a handful of buttons from the box.
> 
> 4. Count the buttons.
> 
> 5. Insert the number of buttons somewhere inside the whacky word from the Bible.
> 
> "Methu34selah", "Abs81alom", "Shad67rach"
> 
> High Tech!
> 
> But, probably, just because NOT generated by a machine, reasonably hard to crack.
> 
> I am trying as hard as possible to keep 'behind' the game - largely inspired by a science
> fiction book I read when I was 15, where freedom fighters rebelling against a totalitarian
> regime on Venus (acidity permitting . . . LOL) communicated by Amplitude Modulated Radio.
> 


-- 

Use an alternative Dictionary viewer:
http://bjoernke.com/bvgdocu/

Chat with other RunRev developers:
http://bjoernke.com/chatrev/