On Tue, Aug 12, 2014 at 2:11 PM, jdd <jdd@dodin.org> wrote:
On 12/08/2014 19:47, Greg Freemyer wrote:
With an 18 char password, even the weakest encryption scheme should be relatively secure.
An 18 char passwd has to be written down, too long to be remembered. What do you do if you need it when travelling?
DogKilledByApe,News@11

21 chars and easy to remember. Long passwords don't necessarily have to be complex, just long and relatively obscure. I would write down a hint for that like, "Ape loose in the city". That should be enough for me to remember it. FYI: I just made that one up, so feel free to use it!
Keying it in often needs several tries, because chances are you make typos. If somebody is videotaping you, how long will it take to recover it? Any keylogger will do the job anyway (let alone the sound of your keyboard...).
Brute force is very difficult to use on most systems where login is trial limited. My bank needs me to go to the office in person if I fail three times.
The first goal of most hackers is the password repository. They then have a copy of all the encrypted passwords. They then start cracking those passwords.

Let's say they manage to steal 1,000,000 encrypted passwords. They will set up a list of "all short passwords" and a list of all common passwords. Let's say that is 100,000,000 passwords. For their big 100 million password list they run all of them through the encryption algorithm and now have 100 million hash / password pairs.

They match the stolen 1 million password hashes against the 100 million pre-calculated pairs and out pops 80 or 90% of the passwords. That process is called using rainbow tables to crack a password. If you are using either short or common passwords, you will be part of the victim list.

Proper use of salt makes this much more complicated and I admit to not recalling the details of how salt plays into this.

Greg
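The message above leaves open how salt changes the picture. This added example (not part of the original thread) builds the precomputed hash/password table it describes and checks it against an unsalted store and a per-user-salted one. The user names, candidate list, function names and the choice of PBKDF2 are assumptions made for illustration; the thread names no algorithm.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny "common password" list and a fake user store.
CANDIDATES = ["123456", "password", "letmein", "qwerty"]
USERS = {"alice": "letmein", "bob": "password", "carol": "DogKilledByApe,News@11"}


def unsalted(password: str) -> str:
    """Fast, unsalted hash: identical passwords always give identical digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted(password: str, salt: bytes, rounds: int = 100_000) -> str:
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds).hex()


def precomputed_table(candidates):
    """The one-time hash -> password table described in the message."""
    return {unsalted(p): p for p in candidates}


def lookup(table, stored_hashes):
    """Match stored hashes against the table; returns {user: recovered password}."""
    return {u: table[h] for u, h in stored_hashes.items() if h in table}


def verify(password: str, salt: bytes, stored: str) -> bool:
    """Login check for the salted store, using a constant-time comparison."""
    return hmac.compare_digest(salted(password, salt), stored)


def demo():
    table = precomputed_table(CANDIDATES)
    weak_store = {u: unsalted(p) for u, p in USERS.items()}
    salts = {u: os.urandom(16) for u in USERS}  # stored next to each hash
    strong_store = {u: salted(p, salts[u]) for u, p in USERS.items()}
    return lookup(table, weak_store), lookup(table, strong_store), salts, strong_store


if __name__ == "__main__":
    hits_weak, hits_strong, _, _ = demo()
    print("unsalted store, table hits:", hits_weak)
    print("salted store, table hits:  ", hits_strong)
```

With a salt per user, one table no longer covers every account: the candidate list has to be re-hashed for each salt, and the slow KDF raises the cost of every guess. A short or common password can still be found that way, which is why length matters as well.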