The OrigF/clred
Member
Again, let me restate: I'm, at best, a somewhat intelligent Fred Flintstone of computers - what I learned about passwords on the Silk Road security forums more than surprised me. One nice thing about SR's security forum: you had users or posters that were obviously extremely knowledgeable in computer software and security, but that were willing to talk in common English for the computer idiots like me.
But password strength is important to preserve the security of whatever you want to protect. The security experts strongly suggested a password of a minimum of 25 nonsensical characters, or more. One example: K3m4JG4irk7duQ2qqistw?0/rt.
The security experts all seemed in agreement that 99% of the passwords most folks use can be force broke in under 1 hour, and usually 5-15 minutes. Everyone apparently assumes no one will guess they're using the name of their first elementary school or a long departed pet's name. Security forensics people have what's called "brute force" programs, that scan your computer's hard drive looking for any nouns, words, etc. that are not in common use but appear more than one time in your files. So if you have pictures of your old pet titled by their name saved on your computer, bingo, that software will then use all those names in its brute force attempt to hack past your password protection.
There's no way my tired old brain is going to remember a string of 25 nonsensical characters; hell, the wife has to remind me where I'm going, half the time, before I've gotten out the front door. There is another way. There's a list called the "diceware list" (first the general info page, http://world.std.com/~reinhold/diceware.html, then the actual list, http://world.std.com/~reinhold/diceware.wordlist.asc).
The idea is for you to generate five 5-digit numbers (you can use dice); for example, 11121 would be the first 5-digit group.
On that list from the 2nd link above, 11121 = "aaron". Aaron becomes the first word in your password.
Instead of using a pair of dice, I simply went thru the list selecting 5 words that had no correlation, and wrote down just the 5-digit number each word corresponded to and saved those in a file on my computer (in case I ever forget the actual words, I can use those numbers to identify the words in my password).
Let's say you ended up with "aaron jumped bells thru the moon" for your password, which would be light years easier for me to remember. I then went in adding a punctuation mark between the words, eliminating the spaces, so I might end up with aaron/jumped/bells?thru:the!moon and then capitalize some letters of your choosing.
The security experts indicate a password of 25 or more nonsensical characters / words, at the current state of computer speed, would take 2-5 years of computer time and a $130,000 budget. If you're al Qaeda, NSA and whoever would devote some effort. For everyday communications on everybody on the planet, no way.
In another thread, I'll explore or share what I know about encrypting communications, whether PMs or email.
If there's anyone more knowledgeable in what I've shared, please chime in - I'm pretty sure what I've posted is 100% accurate, but I'm not thin skinned - so critique me if you think it appropriate.
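
The dice-to-word lookup described in the post, as an added example that is not part of the original post: it rolls five dice per word with the operating system's random generator, looks each five-digit key up in a Diceware-format list, and computes the entropy, a figure that holds only when every word is chosen by dice or an equivalent random source. The function names and the placeholder word list are assumptions made here; only the mapping 11121 = aaron comes from the post.

```python
import itertools
import math
import re
import secrets

LINE = re.compile(r"^([1-6]{5})\s+(\S+)$")  # one entry, e.g. "11121<TAB>aaron"

def parse_wordlist(text):
    """Map each five-digit dice key to its word, skipping any header or
    signature lines that do not look like a list entry."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    if len(table) != 6 ** 5:
        raise ValueError(f"expected 7776 entries, got {len(table)}")
    return table

def roll_key():
    """Five fair die rolls from the OS CSPRNG, e.g. '11121'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(5))

def passphrase(table, n_words=5, sep=" "):
    """Return (keys, phrase) so the keys can be checked against the list."""
    keys = [roll_key() for _ in range(n_words)]
    return keys, sep.join(table[k] for k in keys)

def entropy_bits(n_words, list_size=6 ** 5):
    """Bits of entropy when every word is an independent uniform pick."""
    return n_words * math.log2(list_size)

def build_sample_list():
    """Constructed stand-in for the real list: placeholder words, plus the
    one mapping quoted in the post (11121 -> aaron)."""
    keys = ("".join(p) for p in itertools.product("123456", repeat=5))
    lines = ["-----BEGIN PGP SIGNED MESSAGE-----", ""]  # constructed header
    lines += [f"{k}\t{'aaron' if k == '11121' else 'w' + k}" for k in keys]
    return "\n".join(lines)

if __name__ == "__main__":
    table = parse_wordlist(build_sample_list())
    keys, phrase = passphrase(table)
    print(keys, phrase)
    print(f"{entropy_bits(5):.1f} bits for 5 words")
```

To use the real list, pass the text of the downloaded file to `parse_wordlist` in place of `build_sample_list()`.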