This episode explores the best password practices from a mathematical viewpoint with recommendations
Hosted by Ahuka on 2014-10-17 is flagged as Clean and is released under a CC-BY-SA license.
Listen in ogg, spx, or mp3 format. | Comments (8)
In this open series, you can contribute shows that are on the topic of Privacy and Security
Right now for most of us the key to any security in our online life is the degree of entropy in our passwords. So what is entropy, and how does it affect our passwords?
Entropy is in general the degree of randomness or disorder in any given system. Sometimes it is very easy to assess, such as a password of 1234, which all too many people use. Because it is a simple sequence, there is no real randomness at all, and would be quickly guessed. And as we saw in the last tutorial, such passwords are quickly discovered in a dictionary attack. There are things you can do to make it less likely that your password will be cracked and used against you. - For more go to http://www.zwilnik.com/?page_id=530
Subscribe to the comments RSS feed.
Comment #1 posted on 2014-10-17T12:49:49Z by cybergrue
Another good episode, but the advice on using haystacks was dangerous. As you mentioned, the search space is becoming to large to sytematiclly search, so password crakers have evolved. One method they use is to take found words (not just out of a standard dictionary, such as all the words in wikipedia, other languages, leaked password lists, etc.) and try these plus varients like padding with additional characters, combining multiple words together (with and without spaces). In one news story, a password cracking package was breaking passwords that were 55 characters long! http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
These passwords were weak (common words strung together like the xkcd advice are particularly vulnerable) http://xkcd.com/936/ but it does show there are no short-cuts in creating a good password, it has to be completely random, mixed cases with symbols and numbers and long!
I would have submitted a responce show, but I think that this is too important, and that you should be the one to say this.
Comment #2 posted on 2014-10-17T18:06:45Z by John
Thanks, very interesting information. I appreciate you taking the time to do this, and the other podcasts you contribute. All the best, John
Comment #3 posted on 2014-10-21T19:34:45Z by Kevin O'Brien
Please do a show
Cybergrue, I think you should do a show. It would be a great contribution. I have never thought that my opinions were the last word on anything, and I welcome dialog, as Ken Fallon can attest.
Comment #4 posted on 2014-10-22T06:15:53Z by Ken Fallon
Very good show but 2 comments
1. The use of the word Hacker without prefixing it with malicious
2. Many systems restrict the length and type of characters that can be used
Comment #5 posted on 2014-10-22T20:42:21Z by Kevin O'Brien
Yes and ...
Guilty on the first point. I should have been more precise.
On the second point, are you saying that it is _good_ to restrict length and characters in passwords? Because if so I would love to hear your reasoning. Maybe I missed something in my analysis.
Comment #6 posted on 2014-10-23T17:17:44Z by pokey
Another Excellent episode
Full of Great information, and presented in an entertaining way, by a man who could (and did) keep listeners engaged while reading the phone book. Thanks for everything you do for HPR, Ahuka.
1. a great point. Thank you.
2. Please do a show detailing this. You're a member of our community, so we want to hear from you as well. It doesn't have to be long, it just has to be you. TIA.
Comment #7 posted on 2014-10-24T19:36:47Z by Ken Fallon
No length restrictions are not good, nor are charachter restrictions. Yet it is a fact that these restrictions exist.
Comment #8 posted on 2014-10-30T11:35:35Z by Mike Ray
This is probably a stupid question about passwords. I recently had reason to believe I had been attacked by a key-stroke harvesting nasty, and it prompts the question; is it a good idea, or even is it remotely effective, to paste a password from the clipboard if it has been copied from another document? This at least gets round the key-stroke bandits, right?