Site Map - skip to main content - dyslexic font - mobile - text - print

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.


hpr1620 :: Passwords, Entropy, and Good Password Practices

This episode explores the best password practices from a mathematical viewpoint with recommendations

<< First, < Previous, Latest >>

Host Image
Hosted by Ahuka on 2014-10-17 is flagged as Clean and is released under a CC-BY-SA license.
Listen in ogg, spx, or mp3 format. | Comments (8)

Part of the series: Privacy and Security

In this open series, you can contribute shows that are on the topic of Privacy and Security

Right now for most of us the key to any security in our online life is the degree of entropy in our passwords. So what is entropy, and how does it affect our passwords?

Entropy is in general the degree of randomness or disorder in any given system. Sometimes it is very easy to assess, such as a password of 1234, which all too many people use. Because it is a simple sequence, there is no real randomness at all, and would be quickly guessed. And as we saw in the last tutorial, such passwords are quickly discovered in a dictionary attack. There are things you can do to make it less likely that your password will be cracked and used against you. - For more go to http://www.zwilnik.com/?page_id=530

Links:


Comments

Subscribe to the comments RSS feed.

Comment #1 posted on 2014-10-17T12:49:49Z by cybergrue

Dangerous advice

Another good episode, but the advice on using haystacks was dangerous. As you mentioned, the search space is becoming to large to sytematiclly search, so password crakers have evolved. One method they use is to take found words (not just out of a standard dictionary, such as all the words in wikipedia, other languages, leaked password lists, etc.) and try these plus varients like padding with additional characters, combining multiple words together (with and without spaces). In one news story, a password cracking package was breaking passwords that were 55 characters long! http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
These passwords were weak (common words strung together like the xkcd advice are particularly vulnerable) http://xkcd.com/936/ but it does show there are no short-cuts in creating a good password, it has to be completely random, mixed cases with symbols and numbers and long!
I would have submitted a responce show, but I think that this is too important, and that you should be the one to say this.

Comment #2 posted on 2014-10-17T18:06:45Z by John

Thanks, very interesting information. I appreciate you taking the time to do this, and the other podcasts you contribute. All the best, John

Comment #3 posted on 2014-10-21T19:34:45Z by Kevin O'Brien

Please do a show

Cybergrue, I think you should do a show. It would be a great contribution. I have never thought that my opinions were the last word on anything, and I welcome dialog, as Ken Fallon can attest.

Comment #4 posted on 2014-10-22T06:15:53Z by Ken Fallon

Very good show but 2 comments

1. The use of the word Hacker without prefixing it with malicious
2. Many systems restrict the length and type of characters that can be used

Comment #5 posted on 2014-10-22T20:42:21Z by Kevin O'Brien

Yes and ...

Guilty on the first point. I should have been more precise.

On the second point, are you saying that it is _good_ to restrict length and characters in passwords? Because if so I would love to hear your reasoning. Maybe I missed something in my analysis.

Comment #6 posted on 2014-10-23T17:17:44Z by pokey

Another Excellent episode

Full of Great information, and presented in an entertaining way, by a man who could (and did) keep listeners engaged while reading the phone book. Thanks for everything you do for HPR, Ahuka.

cybergrue,
1. a great point. Thank you.
2. Please do a show detailing this. You're a member of our community, so we want to hear from you as well. It doesn't have to be long, it just has to be you. TIA.

Comment #7 posted on 2014-10-24T19:36:47Z by Ken Fallon

NO!!!

No length restrictions are not good, nor are charachter restrictions. Yet it is a fact that these restrictions exist.

Comment #8 posted on 2014-10-30T11:35:35Z by Mike Ray

Pasting passwords?

This is probably a stupid question about passwords. I recently had reason to believe I had been attacked by a key-stroke harvesting nasty, and it prompts the question; is it a good idea, or even is it remotely effective, to paste a password from the clipboard if it has been copied from another document? This at least gets round the key-stroke bandits, right?

Leave Comment

Powered by Comment Script