Re: Secure passwords?



Perhaps I could make a real world example here? I have heard that zip-passwords are easily cracked? Much easier than WinRAR? Anyway I could zip something with a "weak" passphrase and anyone are welcome to try to crack it? Because I think my mind needs to become convinced that is it really so weak :-)

AV wrote:
That sounds very strange to me since the first one has so many more characters and has misspelled words.

And shouldn't any secure login to anything only accept just a few attempts, e.g. three. To me it seems like if you just such a system (or application) then actually a rather short password should be rather safe. How likely is my "weak" passphrase below will be entered in three attempts? And after these three attempts you need to restart the application. How long time would it take for the fastest machine on earth today to brute force that passphrase?

But again, I cannot understand that the first one is considered weaker than the second one. In TrueCrypt it is the opposite. You get a warning if the password/phrase is shorter than 20 characters. I suppose you could find other sites that are of opposite opinion?


.



Relevant Pages

  • RE: ADS Password Storage Protection
    ... reason many organizations recommend a complex password but only up to 8 ... characters long is because many unix systems don't support a password ... complex for dictionary attack and other similar reasons. ... not want the passphrase to appear in, I would exclude a popular book of ...
    (Security-Basics)
  • Re: ALERT: WPA isnt necessarily secure
    ... WPA-PSK is vulnerable to offline attack. ... USE A PASSPHRASE WITH MORE THAN 20 CHARACTERS. ... USE MORE THAN 32 CHARACTERS. ...
    (alt.internet.wireless)
  • RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!
    ... the cracker best know that it is a passphrase versus a password ... characters which will take a while or use some fairly large tables. ... through the policy. ... this legacy support really hurts MS'es attempts to get more secure. ...
    (Full-Disclosure)
  • Re: Pb w/ text i/p to ssh-keygen on openSUSE
    ... for saving the key - but hits a pb after the "Enter passphrase (empty ... even knowing the number of characters compromises security too much. ... Knowing the number of characters is a security hole, indeed, and knowing ...
    (uk.comp.os.linux)
  • RE: XP password and encryption
    ... :> increases the encryption in a non-linear way... ... This depends on the type of passphrase you use. ... it does not matter how many characters you use it is going to be trivial ... So you can not disable NTLM in this case you most suggest using ...
    (Security-Basics)