Geekzone: technology news, blogs, forums
  # 2221604 21-Apr-2019 09:37

dafman:

A lot of discussion about brute force attacks, but in reality how many sites we log into are at risk of brute force attack?


Unless you have an unprotected database on some obscure server, most of us use passwords for the likes of email, social media, banking, cloud services etc., all of which will have protection against brute force attacks. If I stuff up my password for Gmail more than a few times I'm stuffed, so I'm not particularly concerned about statistics of the time required for brute force attempts to crack my Gmail password.


I use long passwords, unique by service, and protected by MFA where available, so I'm not particularly concerned about hackers trying to hack me at so many thousands of attempts per nanosecond.



The problem is Facebook and others have lousy security, and many sites are vulnerable to script injection or similar, which gives a cracker your password.
A large corporate just got done for having passwords in a plain text file.




nunz


  # 2221627 21-Apr-2019 10:55

Geektastic: But utterly impossible to remember unless you're Rainman...

You don't need to remember them though.

I only remember 3 of my complex passwords; the rest the password manager remembers for me, and it's so much faster than having to type them in.


  # 2221631 21-Apr-2019 11:09

ANglEAUT:

Jase2985:

It's hard to memorize 50+ passwords, especially when they are complex and especially when you change them regularly.

Very true indeed.

I have heaps of passwords, all unique. I keep them encrypted in KeePass (with a very long password) but can remember most of my common ones.

I use unconnected words that I can string together to remember. For example, looking out my window right now I can see birds in our cabbage tree. So if I was changing a password, say for email this morning, I might use: outsideCabbagebirds.

Easy to remember (I think back to what I was doing when I last changed this password) and, according to 'how safe is my password', it will take about 6 trillion years to brute force hack.

 

 



  # 2221634 21-Apr-2019 11:23

Geektastic:

paulchinnz:

Hmm, ns8vfpobzmx098bf4coj with a number added to the end of it should just about be impenetrable...

But utterly impossible to remember unless you're Rainman...

And not very strong, it is only 5 bits.




Software Engineer

 


Circumspice

  # 2221712 21-Apr-2019 13:04

Strength is relative, but for the record, according to the article referenced by the OP, it'd take centuries to brute force ns8vfpobzmx098bf4coj




BDFL - Memuneh

  # 2221713 21-Apr-2019 13:07

Remember this is all for nothing if the service provider (a forum, a pizza place) stores the passwords as plain text instead of hashing and encrypting them. You can't worry about the things you can't manage, so that's why it's important you don't reuse passwords and use a long one (where possible). These are things you can manage.







BDFL - Memuneh

  # 2221716 21-Apr-2019 13:14

nunz:

BTW - The password checker referenced above says Password1234 takes 3000 years to guess. Password strength checkers are dodgy at best. JesusJohn3:16 takes millions of years to crack -- except it doesn't. Dashlane's ideas on password strength are a little dated.

Exactly, Password1234 may look strong but it is weak because it's been in leaks before, so it's probably at the top of dictionaries. And in any brute force attempt, Bad Actors (TM) will first try Known Passwords, you know, just in case. So Password1234 can actually be broken in less time than it takes for you to blink.
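Editor's added example (not from the post above or from the Dashlane checker it refers to): a small Python estimator that puts the two views side by side. naive_seconds() is what a character-class strength meter computes: alphabet size to the power of length, half of it searched, at some guess rate. realistic_estimate() does what a cracker actually does first: check the guess against a wordlist of previously leaked passwords, including simple manglings (trailing digits or symbols stripped, leetspeak undone, two known words glued together). The wordlist, the rule count and the 10^10 guesses/second rate are constructed assumptions stated in the code; a real wordlist has hundreds of millions of entries.

```python
"""Character-class 'time to crack' versus a dictionary-first attacker.
Constructed example: tiny wordlist and assumed guess rate, see comments."""
import re
import string

# Constructed stand-in for a breach-derived wordlist (rockyou-style lists
# run to tens or hundreds of millions of entries).
KNOWN_PASSWORDS = {
    "password", "123456", "qwerty", "letmein", "dragon", "monkey",
    "jesus", "john", "john316", "football", "iloveyou", "welcome",
}

GUESSES_PER_SECOND = 1e10   # assumed: one GPU rig against a fast unsalted hash
RULES_PER_WORD = 1000       # assumed: mangling rules applied to every wordlist entry

# Undo common leetspeak substitutions so "p4ssw0rd" maps back to "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def charset_size(pw: str) -> int:
    """Alphabet size a character-class strength meter assumes for pw."""
    size = 0
    if any(c.islower() for c in pw):
        size += 26
    if any(c.isupper() for c in pw):
        size += 26
    if any(c.isdigit() for c in pw):
        size += 10
    if any(c in string.punctuation for c in pw):
        size += len(string.punctuation)
    return size


def naive_seconds(pw: str) -> float:
    """Meter's figure: exhaustive search over the alphabet, half the keyspace on average."""
    return charset_size(pw) ** len(pw) / 2 / GUESSES_PER_SECOND


def base_words(pw: str) -> set:
    """Base words an attacker's rules would recover from pw."""
    stripped = re.sub(r"[\d\W_]+$", "", pw)     # drop trailing digits/symbols: "3:16", "1234"
    stripped = re.sub(r"^[\d\W_]+", "", stripped)
    cands = {pw.lower(), stripped.lower(), stripped.lower().translate(LEET)}
    return {c for c in cands if c}


def dictionary_hit(pw: str) -> bool:
    """True if pw is a known password, a mangled one, or two known words joined."""
    for w in base_words(pw):
        if w in KNOWN_PASSWORDS:
            return True
        for i in range(1, len(w)):
            if w[:i] in KNOWN_PASSWORDS and w[i:] in KNOWN_PASSWORDS:
                return True
    return False


def realistic_estimate(pw: str):
    """Return (attack, seconds). The cheap dictionary pass always runs first;
    only passwords it misses get the exhaustive search the meter priced."""
    dict_cost = len(KNOWN_PASSWORDS) * RULES_PER_WORD / GUESSES_PER_SECOND
    if dictionary_hit(pw):
        return "dictionary", dict_cost
    return "brute-force", dict_cost + naive_seconds(pw)


if __name__ == "__main__":
    for pw in ("Password1234", "JesusJohn3:16", "ns8vfpobzmx098bf4coj"):
        attack, secs = realistic_estimate(pw)
        print(f"{pw:24} meter: {naive_seconds(pw) / 31_557_600:12.3g} years   "
              f"attacker: {attack} in {secs:.3g} s")
```

With this wordlist Password1234 and JesusJohn3:16 both fall in the dictionary pass (microseconds), while the meter prices Password1234 at thousands of years; the 20-character random string is the only one that actually forces the exhaustive search the meter assumes.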






  # 2221718 21-Apr-2019 13:17

dafman:

ANglEAUT:

Jase2985:

It's hard to memorize 50+ passwords, especially when they are complex and especially when you change them regularly.

Very true indeed.

I have heaps of passwords, all unique. I keep them encrypted in KeePass (with a very long password) but can remember most of my common ones.

I use unconnected words that I can string together to remember. For example, looking out my window right now I can see birds in our cabbage tree. So if I was changing a password, say for email this morning, I might use: outsideCabbagebirds.

Easy to remember (I think back to what I was doing when I last changed this password) and, according to 'how safe is my password', it will take about 6 trillion years to brute force hack.

The problem with KeePass is that the website integration is not great. At least, it wasn't when I was using it a few years ago.

 

 



  # 2221764 21-Apr-2019 16:02

I right click the password entry and it auto types in the login forms.

Side note. 3 or 4 dictionary words together is not strong. I'll try to find the article where a cracker details an exploit, but hashing multiple words is standard now, as are large hash tables of words and variants. Today's CPU power eats that type of job up very quickly and produces comprehensive hash tables.




nunz


  # 2221793 21-Apr-2019 18:36

surfisup1000:

The problem with KeePass is that the website integration is not great. At least, it wasn't when I was using it a few years ago.

I keep my KeePass file in Dropbox and can access it via a Windows app and an Android app (KeePassDroid), both of which integrate well. I think for iOS there are more limitations.



  # 2221829 21-Apr-2019 19:42

dafman:

I keep my KeePass file in Dropbox and can access it via a Windows app and an Android app (KeePassDroid), both of which integrate well. I think for iOS there are more limitations.

Same, but with free Dropbox you can now only link 3 devices. Home PC, work PC and phone reaches that limit. I've started sharing it between personal devices using Resilio Sync (BitTorrent Sync).

ownCloud looks pretty nice for things like this, but I've never tried it. I might try some time, but my server is an AWS t2.nano reserved instance with 512MB RAM and 512MB of swap, and I'm not sure it has the resources available. I might have a play with it one day though.



  # 2221858 21-Apr-2019 20:57

paulchinnz:

Strength is relative, but for the record, according to the article referenced by the OP, it'd take centuries to brute force ns8vfpobzmx098bf4coj



I would suggest a matter of days.




Software Engineer

 


Mad Scientist

  # 2221927 21-Apr-2019 23:16

freitasm:

If you ever had doubts that reusing passwords is a costly mistake; that adding a number to the end of your previous password is stupid; if longer random-generated passwords are a burden, then read this article.

In the article it mentions crack times of passwords, ranging from 0.2 to 12 mins (from my first glance).

How do they know they have cracked the password? From what I know of how to log in to a website: you type in a guessed password, click log in, and then get a response. Try a few times and you get locked out. Is there a way for hackers to bypass this hassle and enter passwords thousands of times a second without getting locked out?





Swype on iOS is detrimental to accurate typing. Apologies in advance.




BDFL - Memuneh

  # 2221929 21-Apr-2019 23:21

How many websites do this? Some websites don't limit at all. Some websites still store passwords in plaintext.

Forget about them. Do what you have to do to protect yourself.





  # 2222036 22-Apr-2019 10:31

Batman:

freitasm:

If you ever had doubts that reusing passwords is a costly mistake; that adding a number to the end of your previous password is stupid; if longer random-generated passwords are a burden, then read this article.

In the article it mentions crack times of passwords, ranging from 0.2 to 12 mins (from my first glance).

How do they know they have cracked the password? From what I know of how to log in to a website: you type in a guessed password, click log in, and then get a response. Try a few times and you get locked out. Is there a way for hackers to bypass this hassle and enter passwords thousands of times a second without getting locked out?

Crackers will exploit a user DB, often via SQL injection through insecure web forms. This gives them hashed passwords.
They then run the hashes against a known hash DB and then run brute force on the rest.

Once they have the plaintext password they will know, as the guessed hash matches the hash from the DB.

They use rigs containing multiple graphics cards and fast drives, or else hand it off to zombie nets for spread CPU processing.




nunz
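Editor's added example (not from nunz's posts): the offline attack described above, run end to end in Python against a constructed "leaked" user table. The site in this example stored unsalted SHA-1, so the attacker hashes each guess once and looks it up against every user at the same time: no login form, no lockout, as many guesses per second as the hardware allows. The guess order is the one a cracker uses: wordlist with mangling rules first, then the multi-word combinator attack from the earlier "3 or 4 dictionary words" post, then exhaustive search over short strings. The user table, the plaintexts behind it and the seven-word wordlist are all constructed for the example; the closing functions show the storage the site should have used instead (a per-user random salt and PBKDF2-HMAC-SHA256 at OWASP's 2023 figure of 600,000 iterations) and measure roughly how much that slows the same attack on this machine.

```python
"""Offline cracking of a constructed unsalted-SHA-1 dump, then the same guesses
priced against a salted slow KDF. All data below is constructed for the example."""
import hashlib
import itertools
import os
import string
import time


def sha1_hex(pw: str) -> str:
    return hashlib.sha1(pw.encode()).hexdigest()


# Constructed "leaked" table: unsalted SHA-1, as many older sites stored it.
# Built from plaintexts here only so the example is self-contained.
LEAKED = {
    "alice": sha1_hex("Password1234"),          # mangled dictionary word
    "bob":   sha1_hex("outsideCabbagebirds"),   # three dictionary words
    "carol": sha1_hex("q7zk"),                  # short random string
    "dave":  sha1_hex("ns8vfpobzmx098bf4coj"),  # long random string
}

# Constructed wordlist; real ones run to hundreds of millions of entries.
WORDLIST = ["password", "letmein", "outside", "cabbage", "birds", "monkey", "dragon"]
CASES = (str.lower, str.capitalize)


def candidates():
    """Attacker's guess order: cheapest attacks first, exhaustive search last."""
    # 1. wordlist with mangling rules: case changes, appended digits and years
    for w in WORDLIST:
        for case in CASES + (str.upper,):
            yield case(w)
            for suffix in ("1", "123", "1234", "2019"):
                yield case(w) + suffix
    # 2. combinator: every 2- and 3-word join in every lower/capitalised pattern
    for k in (2, 3):
        for combo in itertools.permutations(WORDLIST, k):
            for pattern in itertools.product(CASES, repeat=k):
                yield "".join(f(w) for f, w in zip(pattern, combo))
    # 3. exhaustive search over lowercase+digits, capped at length 4 for runtime
    alphabet = string.ascii_lowercase + string.digits
    for length in range(1, 5):
        for chars in itertools.product(alphabet, repeat=length):
            yield "".join(chars)


def crack(leaked: dict) -> dict:
    """Hash each guess once, look it up against every leaked hash at once.
    Returns {user: (plaintext, guess_number)} for each hash recovered."""
    by_hash = {}
    for user, h in leaked.items():
        by_hash.setdefault(h, []).append(user)   # unsalted: equal passwords share a hash
    found = {}
    for n, guess in enumerate(candidates(), 1):
        users = by_hash.pop(sha1_hex(guess), None)
        if users:
            for u in users:
                found[u] = (guess, n)
            if not by_hash:
                break
    return found


# What the site should have stored: per-user random salt + deliberately slow KDF.
# The salt makes every user's hash a separate target (no shared lookup table);
# the iteration count makes each guess cost ~600k HMACs instead of one SHA-1.
PBKDF2_ITERATIONS = 600_000   # OWASP 2023 recommendation for PBKDF2-HMAC-SHA256


def store(pw: str, salt: bytes = b"") -> tuple:
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)


def verify(pw: str, salt: bytes, digest: bytes) -> bool:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS) == digest


def slowdown(samples: int = 20_000) -> float:
    """Rough ratio of SHA-1 guesses/second to PBKDF2 guesses/second on this host."""
    t0 = time.perf_counter()
    for i in range(samples):
        sha1_hex(str(i))
    fast = samples / (time.perf_counter() - t0)
    t0 = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"guess", os.urandom(16), PBKDF2_ITERATIONS)
    slow = 1 / (time.perf_counter() - t0)
    return fast / slow


if __name__ == "__main__":
    found = crack(LEAKED)
    for user, (pw, n) in sorted(found.items()):
        print(f"{user}: {pw!r} recovered on guess {n:,}")
    print("not recovered:", sorted(set(LEAKED) - set(found)))
    print(f"PBKDF2 slows the same attack by roughly {slowdown():,.0f}x per guess")
```

Run stand-alone it recovers alice in the first hundred guesses, bob from the combinator stage and carol from the exhaustive sweep, and gives up on dave: the 20-character random string is outside every list and outside the search depth. Against the PBKDF2 storage the same 1.7 million guesses would take hours per user on this machine rather than a couple of seconds for the whole table, which is the gap a site's hashing choice creates between a password being "in a leak" and being usable against you.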
