Rate these passwords for security on a scale of one to ten?


Re: Rate these passwords for security on a scale of one to ten?

Post by Slahd on Sun Jul 31, 2011 12:29 am

While we're still on the topic of what makes a good password, what do you think would be the ultimate password? And by ultimate, I mean what would be reasonably sized (so you can remember it), have a mix of both capital and lowercase letters, numbers, and possibly symbols. What would be your example of this? I think one would be:
Ir0w4n103d0Ch1r1nuru0W4g4y0t4r3z0T5un3n4r4muU1n00kuy4m4Ky0k03t3454k1yum3m1j1E1m053zu.

I got this from the Iroha, an old Japanese poem, and this is turned 1337. Also, if you memorize the Iroha, then it would be memorable. It has a mix of capital and lowercase letters. Lots of numbers. But I thought symbols would make it a bit too difficult. So that's why there's a period at the end, but nothing else.



Re: Rate these passwords for security on a scale of one to ten?

Post by pretentious on Sun Jul 31, 2011 3:25 am

The ultimate password would be the last one to be tried. When brute forcing, every password will be tried, so the target's only hope is to have a password that would take long enough to guess for the attacker to lose patience. Assuming most password crackers start at 'a' for instance and proceed to b...z...aa....az, the ultimate password would be 'zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz' or z*n unless the attacker is a smart ass and has that in his password list :?
Using a 1337speak pass phrase is a good idea but isn't totally necessary because unless a custom charset is involved, the target will only need to include one special character in the password for the whole extra charset to need to be included.
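The ordering and charset points in the post above can be checked numerically. This is an added example, not code from the thread; the four character classes, the function names and the optional reversed alphabet are assumptions chosen for illustration.

```python
import string

# Character classes a naive incremental search would have to enable (assumed split).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def required_charset_size(password):
    """Size of the smallest union of classes that covers every character."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size

def guesses_to_exhaust(password):
    """Number of candidates of length 1..len(password) over the required charset."""
    k = required_charset_size(password)
    return sum(k ** n for n in range(1, len(password) + 1))

def position_in_order(password, alphabet=string.ascii_lowercase):
    """1-based rank of password when candidates are tried shortest first,
    each length enumerated in the order given by alphabet (a, b, ..., z, aa, ...)."""
    k = len(alphabet)
    shorter = sum(k ** n for n in range(1, len(password)))
    rank = 0
    for c in password:
        rank = rank * k + alphabet.index(c)
    return shorter + rank + 1

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real list.
    for pw in ("zzzz", "zzz."):
        print(pw, required_charset_size(pw), guesses_to_exhaust(pw))
    print(position_in_order("zzzz"))                               # last of its length
    print(position_in_order("zzzz", string.ascii_lowercase[::-1])) # first of its length
```

The same string is the last candidate of its length in a-to-z order and the first in z-to-a order, while one symbol changes the size of the whole search space regardless of order.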


Re: Rate these passwords for security on a scale of one to ten?

Post by Slahd on Sun Jul 31, 2011 10:51 pm

I see... So a shit ton of z's would be more effective than some 1337 phrase? At least unless a brute-forcer already knows that. But I do get that the ultimate password would be something that couldn't be found unless the brute-forcer had enough patience. However, to make it the best, it would have to take an endless amount of time to find. So, I'm assuming that a password like that would be z*∞ or something similar.



Re: Rate these passwords for security on a scale of one to ten?

Post by mShred on Mon Aug 01, 2011 2:24 am

That's nice and all, but realistically, a brute-forcer is in no way the only thing you have to worry about. Rainbow tables, guessing, and peeking are all common factors. In your case, if your password was 'zzzzzzzzzzzzz', and I was peeking, all I'd have to do is count how many times you pressed the same button. Even if I didn't know it was a 'z', then I could just manually try each letter or number.


Re: Rate these passwords for security on a scale of one to ten?

Post by tremor77 on Tue Aug 02, 2011 11:41 am

lol @ z's!!! wanna know why? Well, it's a matter of personality... there are some people who read lists from the bottom up.. who organize things in reverse order and in general just think in reverse.... that's me.. after reading the z's suggestion I decided to peek at my password dictionary file. After a list of about 3,000 of the most commonly used passwords and other passwords I've added (including common l33t speak phrases that I've manually added - if you use P@55w0rd you're phucked btw it's the first one in my attack vector) - my dictionary launches into generic Brute Force... starting with... you guessed it, Z's and working backwards to A's.

The twelve letter password of all Z's appears on line 3,027 of my file. And in your honest opinions, how many password attacks are brute force anymore rather than some type of hybrid?

Ultimately however, you should be concerned with the security of your login if it doesn't shut down and flag password attempts after like the 5th failure anyway. I lock out login attempts usually at 3, and require an admin reset along with e-mail notices about the attempt. In all my years I've developed my passwords file as more of a hobby than anything, I can pretty much say that I've never performed a successful dictionary or brute force attack (in testing on my own servers of course) due to general login attempt restrictions.
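The lockout policy described in the post above (lock at the third failure, admin reset, notification) can be sketched as follows. This is an added example, not code from the thread; the class, its method names, the in-memory credential store and the sample guesses are all constructed for illustration.

```python
import hmac

class LoginGuard:
    """Lock an account after max_failures bad passwords until an admin resets it."""

    def __init__(self, credentials, max_failures=3):
        # username -> password; plaintext only to keep the demo short,
        # a real system stores a salted password hash instead.
        self._credentials = credentials
        self._max = max_failures
        self._failures = {}
        self._locked = set()
        self.notices = []            # stands in for the e-mail notices

    def attempt(self, user, password):
        if user in self._locked:
            return "locked"          # even the correct password is refused
        expected = self._credentials.get(user, "")
        ok = user in self._credentials and hmac.compare_digest(
            expected.encode(), password.encode())
        if ok:
            self._failures.pop(user, None)
            return "ok"
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self._max:
            self._locked.add(user)
            self.notices.append(f"account {user!r} locked after {count} failed logins")
            return "locked"
        return "denied"

    def admin_reset(self, user):
        self._locked.discard(user)
        self._failures.pop(user, None)

def run_guessing_demo(wordlist, real_password):
    """Feed a constructed wordlist to the guard and return every outcome."""
    guard = LoginGuard({"alice": real_password})
    return guard, [guard.attempt("alice", guess) for guess in wordlist]

if __name__ == "__main__":
    guard, results = run_guessing_demo(
        ["123456", "password", "zzzzzzzzzzzz", "correct horse", "qwerty"],
        "correct horse")
    print(results, guard.notices)
```

The correct password sits fourth in the constructed wordlist and is still refused, because the account locked on the third failure; the same lock applies to the legitimate user until `admin_reset` is called.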


Re: Rate these passwords for security on a scale of one to ten?

Post by NukkaXsplasH on Sun Jul 08, 2012 11:28 am

My personal recommendation is using different passwords for all forums/accounts.
Using different passwords with these accounts will be a huge relief if one password manages to become compromised.

Yes, the best type of password would be randomly generated with characters, numbers, symbols, etc.

Although they are difficult to remember, if the data is sensitive and attractive to hackers, having a strong password is important.


Re: Rate these passwords for security on a scale of one to ten?

Post by centip3de on Sun Jul 08, 2012 12:14 pm

NukkaXsplasH wrote:My personal recommendation is using different passwords for all forums/accounts.
Using different passwords with these accounts will be a huge relief if one password manages to become compromised.

Yes, the best type of password would be randomly generated with characters, numbers, symbols, etc.

Although they are difficult to remember, if the data is sensitive and attractive to hackers, having a strong password is important.


I would get irritated that you necro'd this thread to hell, but as you're new to the forums I'll politely ask you not to do it again. So, please for the love of the Higgs Boson check the last post date before you post in an older thread. Thank you and welcome to HTS.


Re: Rate these passwords for security on a scale of one to ten?

Post by anarchy420x on Mon Jul 09, 2012 3:32 am

Since this was necro'd anyway, I am curious if anyone tested to see if the information he gave was valid at the time.


Re: Rate these passwords for security on a scale of one to ten?

Post by WallShadow on Mon Jul 09, 2012 7:50 pm

NukkaXsplasH wrote:My personal recommendation is using different passwords for all forums/accounts.


Now this I consider golden. Few people realize how important this is. If anyone remembers the HBGary Federal incident, the entire thing happened because the CEO of the company, Aaron Barr, used the same exact password for everything. So when the hackers utilized an SQL injection and stole his e-mail password from his local site, they were able to use the password to hack into everything else including his g-mail, server, and a crap load of other stuff.

NukkaXsplasH wrote:Yes, the best type of password would be randomly generated with characters, numbers, symbols, etc.


I'd like for you to take a look at the following image. Although it is a joke, it holds some truth to this topic:

Image

This is only assuming you use some kind of an advanced brute-forcing technique.