[clue] My password rant

Dan Kulinski daniel at kulinski.net
Thu Aug 11 13:26:25 MDT 2011


Alright, let's go down the rabbit hole a little deeper and hopefully give
you things to think about.

The word chosen as the basis for the complex password was something
uncommon.  This is to deter easy brute force attempts and may have had some
meaning to the user.  After that has been established, a common letter-number
substitution is used.  Finally, at the end of the password is a common set of
punctuation and a number.  There is a formulated pattern to this password.
Now cracking it becomes that much easier.  We look for uncommon words in the
speaker's native language with at least 6 characters.  We run it through a
simple substitution algorithm and append a set of punctuation and numerals
to the end.

Entropy in cryptography is the amount of information that is unknown and
must be guessed.  Most corporate password standards are the following:

At least 8 characters with at least one selection from each of the following
categories:
-Capital letter
-Numeral
-Special character

It can't contain the following:
-Username
-Company name
-A dictionary word

Generally what you find are things like Psswrd123 or Asdf1234, simple things
to get through the filter.  So, are we really increasing security?  The
tighter the rules the more formulaic things tend to become.  When a password
expiration is done you will see the first example move to something like
Psswd124 and that last number incrementing until they can reuse old
passwords.

The comic is very interesting and thought provoking.  Hopefully it does make
you think about your passwords and how you use them.  Not every system I use
allows spaces so I stick to a few patterns based off of books I have read.
Usually a memorable quote and never the book title.  And of course, this
doesn't even start to talk about password reuse on multiple sites.

Thanks for the discussion and dissecting this comic so thoroughly.

Dan
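Added example (not part of Dan's post, nor of any project): a back-of-the-envelope entropy estimate for the formula-style password described above, next to the keyspace the 8-character policy nominally allows and a random multi-word passphrase. The set sizes (20,000 uncommon words, 8 substitution variants, 32 punctuation characters, a 7,776-word list) are constructed assumptions chosen only to make the comparison concrete.

```python
import math

# Constructed assumptions (not from the post): sizes of the choice sets a
# formula-following user actually picks from.
UNCOMMON_WORDS = 20_000      # uncommon words of >= 6 letters in one language
SUBSTITUTION_VARIANTS = 8    # ways the usual letter->number swaps get applied
PUNCTUATION_CHOICES = 32     # printable ASCII punctuation characters
TRAILING_DIGITS = 10         # one appended digit
PRINTABLE_ASCII = 95         # what an 8-character policy nominally allows
WORDLIST_SIZE = 7_776        # size of a common diceware-style word list


def bits(choices: int) -> float:
    """Entropy in bits of one choice made uniformly among `choices` options."""
    return math.log2(choices)


def formula_password_bits() -> float:
    """Entropy of the pattern in the post: an uncommon word, a letter-number
    substitution, then punctuation and a digit.  Independent choices add
    their log2 contributions; the guesser knows the template, not the picks."""
    return (bits(UNCOMMON_WORDS) + bits(SUBSTITUTION_VARIANTS)
            + bits(PUNCTUATION_CHOICES) + bits(TRAILING_DIGITS))


def policy_nominal_bits(length: int = 8) -> float:
    """What the policy appears to buy: `length` uniformly random printable
    ASCII characters.  Users do not choose uniformly, so this is an upper bound."""
    return length * bits(PRINTABLE_ASCII)


def passphrase_bits(words: int = 4) -> float:
    """Entropy of `words` words drawn uniformly at random from the word list."""
    return words * bits(WORDLIST_SIZE)


def expiry_increment_bits() -> float:
    """Entropy gained by 'Psswd123' -> 'Psswd124' at each expiration: one of
    ten digits changes, so at most log2(10) bits over the previous password."""
    return bits(TRAILING_DIGITS)


if __name__ == "__main__":
    for name, value in [("formula password", formula_password_bits()),
                        ("policy nominal keyspace", policy_nominal_bits()),
                        ("4-word passphrase", passphrase_bits()),
                        ("digit increment on expiry", expiry_increment_bits())]:
        print(f"{name:28s} {value:5.1f} bits")
```

The formula password lands near 26 bits against the roughly 53 bits the policy's keyspace suggests, which is the gap the post is pointing at.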