dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed


Haltom City, TX
reply to NotTheMama

Re: P@$$1234: the end of strong password-only security

A randomly generated password, like the one i described above, has none of weaknesses of human generated passwords. It won’t be in any cracker’s 20GB word list and probabilistic attacks can’t be used, so an attacker is always forced into a true brute force attack (an exhaustive search of all possibilities). "Longer is stronger" is valid only when comparing randomly generated passwords. Passwords like: "resworb beW a gnisseccA.A", "n47= ...Timeout Delay: {", or "pmar fo ytilibacilppa 5.1" (25, 25, & 27 characters) may seem clever, but they were cracked by an individual using a normal desktop computer with a single GPU last year. He cracked about 83% of 146 million password hashes over a period of several months.

If you really want to protect your data, locate a quality random password generator and use two-factor authentication whenever it’s available.

What Would Earl Do?

Yeah, I know--the "Death of Clever". But my passphrases aren't "clever". They're just longer. They're not in any dictionary or any hash list. I'd put one of my short 32-character phrases up against any other 32-character random string. Brute force would be the only way to crack it.
"Face piles of trials with smiles; it riles them to believe that you perceive the web they weave."