Re: Web Site Hackers



In news:um8t85ta5gdml4htuh1cilpmqd727t4db8@xxxxxxx,
Mike Hendrix <mikehendrix@xxxxxxx> typed:
On Fri, 21 Aug 2009 04:16:01 -0400, bill horne <redydog@xxxxxxx>
wrote:

Bob Hatch wrote:
In news:rd9s85lb7sg2vrnofoopem0oq0jq8uvlcu@xxxxxxx,
Chuck Norris <hamguy1956@xxxxxxxxx> typed:
On Thu, 20 Aug 2009 01:49:10 -0600, "Bob Hatch"
<bob.hatch@xxxxxxxxx> wrote:

In news:79vp85h4upg56qd3fnpo2lrnmerfs8qdot@xxxxxxx,
Neon John <no@xxxxxxxxx> typed:
On Wed, 19 Aug 2009 23:49:36 -0600, "Bob Hatch"
<bob.hatch@xxxxxxxxx> wrote:

Mine looks something like this:
Ai4yX#4WdBHb

Only it's 16 or more characters long and the above is not part
of it/them.

I have a few of those laying around but I don't like 'em. If my
password manager ever goes tango uniform, I'm lost. Now that the
length limit on passwords has been removed in most cases, I like
nonsensical sentences that are easy to remember. Something like

ILift2DribbleTrout8Times.

A pass phrase that long can't be guessed or cracked by any known
method other than a bug in the password algorithm. Can't do
anything about that anyway, regardless of the PP length.

Just another way of doing things.

John

That would work and I may move to that type of thing eventually. I
use Roboform as my PW manager and the user file is located on
drive D. I back up the drive D every 12 hours, so I "think" I'm
safe, but may not be.

The folks at the hosting company said the hackers use a bot and
look for easy to crack PW's. Mine was one of those. :-(

I wonder what determines an 'easy to crack PW'!

Well, Tells The Truth explained it, but I'll do it again.

If you have a password of "kcifix", 6 characters long, all small
letters, you have a total of 26 possible letters to use, so the
program has to look at 26 to the power of 6 combinations. An easy
crack for a computer.

Lengthen the PW to 16 small alpha characters and the combination is
26 to the power of 16. Add upper case to the mix and you increase
the number of possible passwords to 52 to the power of 16. Add
numeric characters and you increase the possible passwords to 62 to
the power of 16. Add symbols and you're over 72 to the power of 16,
an almost crazy number. :-)



In real life, how does a computer - no matter how fast - know when it
has cracked the PW? Because the sign-in worked? On my DSL, signing in
takes a minimum of a couple of seconds to tell me when I screw up.
Some sites take significantly longer. So my nearly non-existent
knowledge of PW cracking leads me to think that a computer can't make
more than 30-60 attempts per minute, because it has to wait to see if
it worked or not.

And some of my sites only give me a small number of tries before it
tells me to go away. How does a cracking bot handle that?
---------------------
bill, your mind and mine ask the same questions. Bob has done a great
job not only warning us of the danger but in this last post actually
explaining the need to add capitals/numbers/combinations etc.

However, like you I do not understand how any computer gets past that
wait period.

mike

The easiest way is to download a key logger program to your computer and
wait for you to give the hacker your passwords. :-)

--
"The American people will never knowingly adopt socialism,
but under the name of liberalism they will adopt every
fragment of the socialist program until one day America
will be a socialist nation without ever knowing how it happened."
Norman Thomas
http://www.bobhatch.com
http://www.tdsrvresort.com
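
Added example, not part of any poster's message: the keyspace arithmetic from the thread as a small Python estimator, using the thread's alphabet sizes (26, 52, 62, 72) and the 30-60 attempts per minute mentioned above as the online guessing rate. Function names are illustrative, and the results are upper bounds that assume every character is chosen at random.

```python
import math
import string

# Alphabet sizes as quoted in the thread: 26 lower, +26 upper = 52,
# +10 digits = 62, and "over 72" with symbols (symbols counted as 10 here,
# which is the thread's lower bound, not an exact count).
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 10}


def classes_used(password):
    """Return the set of character classes that appear in the password."""
    found = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            found.add("lower")
        elif ch in string.ascii_uppercase:
            found.add("upper")
        elif ch in string.digits:
            found.add("digit")
        else:
            found.add("symbol")
    return found


def keyspace(password):
    """Alphabet size to the power of the length, as in the thread."""
    alphabet = sum(CLASS_SIZES[c] for c in classes_used(password))
    return alphabet ** len(password)


def entropy_bits(password):
    """Same quantity expressed in bits (log2 of the keyspace)."""
    return math.log2(keyspace(password))


def years_to_exhaust(password, guesses_per_minute):
    """Worst-case time to try every combination at a fixed sign-in rate."""
    minutes = keyspace(password) / guesses_per_minute
    return minutes / (60 * 24 * 365)


if __name__ == "__main__":
    # Sample passwords are the ones quoted in the thread.
    for pw in ("kcifix", "Ai4yX#4WdBHb", "ILift2DribbleTrout8Times"):
        print(f"{pw!r}: {sorted(classes_used(pw))}, "
              f"{entropy_bits(pw):.1f} bits, "
              f"{years_to_exhaust(pw, 60):.3g} years at 60 tries/min")
```
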

