I got stuck on

momof3g8kids

--cited at least three times, so it can't be a typo. I guess it means that misspelling a password doesn't make it any more secure.

g8kids..

We used to call them "latchkey kids"..:)

Dang. I would never have thought of that. Britishism maybe? (But if so, wouldn't she have said "Mum"?)

I once used "open" as a password. It was perfectly safe and appropriate for the specific purpose :)

From what I recall ,there are reversible and one way hashes.. One way hashes should not be recoverable.

(PLEASE correct me if I am wrong on this)


However, a dictionary attack could break a one way encrypted password.

Suppose your password is fido and that gets encrypted as (*#&$#(87

There is no way to restore the gibberish to fido.

However, if you build a list of all possible words and run those through the same encryption algo, then you will have a list with the encrypted (*#&$#(87 being in the table. So, if your list has all the possible words and combos of words, then you can crack the password.

Now, people start getting smart and use a 'tough' password.. ie F!d() That could encrypt to something like #&^#*&$^#*

Now you can brute force this with either a massive dictionary or just an app that does a brute force. ie trying every character and combo of characters, running it through the one way encryption, then matching that against the encrypted hash you are trying to crack.

A couple of years ago that would have been a nightmare. However, with zombie bot nets out there, you could hand that job off. Thousands of hacked machines working on the problem on a distributive basis would work eventually.

I suppose we will start moving toward dongles or some other 2 part authentication

chris

When they have discredited every other method..they'll spring the surprise.. "DNA based authentication"..

for everything..

from Gmail and facebook to receiving your pension..or even combine DNA authentication with implanted NFchips or NF magnetic data holding tattoos..

Of course it will only work with "live" DNA ..or chip or tattoo carriers..to avoid "spare parts" fraud..

And there will be a market in stolen live tissue samples..etc etc ..

Yes, passwords will stop being cracked when the second law of thermodynamics reverses...or the opposite happens and the universe is just a sea of random stuff. I think I'm happy passwords can still be cracked...

Based on some of the browser caches I've seen on client's machines, I'd guess there is a boatload of DNA on keyboards and mice alone.

(going to wash my brain out with Clorox now)

If it makes everyone feel better, the password list was easy to crack largely because the security measures were poor. No salting and no iterations.

Glad you told us that.."the children were startled"..:)..do you have an ebook ? ..

Glad you told us that.."the children were startled"..:)..do you have an ebook ? ..

I'm actually very glad you found it obvious. I can only hope that everyone found it obvious. Unfortunately I still encounter developers who implement security but don't know about these techniques. Sadly, even big companies with vast resources sometimes don't know. It's usually worth repeating to be sure. :)

I agree with Birdbrain's most recent post..

and..

Glad you are "looking out for all of us"..... :)

I agree with Birdbrain's most recent post.

C'mon, give us a hint. Did the moderators disagree so vigorously that it was promptly deleted-- or do you have multiple windows open concurrently again?

C'mon, give us a hint. Did the moderators disagree so vigorously that it was promptly deleted

'Tis here ..just a short step through the wood to to the pool..
[webmasterworld.com...]

or do you have multiple windows open concurrently again?

always..how else would one sip..to do otherwise one might become entrapped by ones own reflection..or the moon..

It's great to have hashes, yet if you get locked out after 3-5 incorrect password attempts; it kind of defeats the whole 'the sky is falling'.

Of course it will only work with "live" DNA ..or chip or tattoo carriers..to avoid "spare parts" fraud..

And there will be a market in stolen live tissue samples..etc etc ..

Glad I wasn't sipping my coffee when I read this!

It's great to have hashes, yet if you get locked out after 3-5 incorrect password attempts; it kind of defeats the whole 'the sky is falling'.

For our Web UI, that's definitely a security feature to consider. Password hashing is most relevant when the database is exposed.

DNA based security

I think that should be added to this list of unethical human experimentation in the United States [en.wikipedia.org...]

[edited by: Sgt_Kickaxe at 7:36 pm (utc) on May 30, 2013]