hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > General Network Security
qcred11
Jul 6 2004, 04:10 AM
QUOTE


Techniques to improve the quality of passwords against dictionary attacks.

h3llraz0r
Jul 6 2004, 06:03 AM
good read, thanks for the info biggrin.gif
as0l0
Jul 6 2004, 06:41 AM
good article, thankyou for sharing.
manu
Jul 6 2004, 11:36 AM
Use complex passwords tongue.gif

Mix of capital and small letters, numbers and special charactors, Well, dont use the words in dictionary... If you can, use some password manager programs to remember your 20 charactor long passwords... Lol.. Never use the same password in multiple places.. Thats it.. no need to buy a book to learn..

Manu wink.gif
nuorder
Jul 6 2004, 12:17 PM
use a special alt character eg: é and youve already defeated about ¾ of the windows password based tools as there as they dont support them (psexec and cain are a few examples)
manu
Jul 6 2004, 05:14 PM
QUOTE (nuorder @ Jul 6 2004, 12:17 PM)
use a special alt character eg: é and youve already defeated about ¾ of the windows password based tools as there as they dont support them (psexec and cain are a few examples)

nuorder,

thats a nice idea m8.. biggrin.gif

manu
dijk
Jul 6 2004, 10:00 PM
nice article - thx m8 - very helpful
twistedps
Jul 9 2004, 06:07 PM
QUOTE (manu @ Jul 6 2004, 11:36 AM)
Use complex passwords tongue.gif

Mix of capital and small letters, numbers and special charactors, Well, dont use the words in dictionary... If you can, use some password manager programs to remember your 20 charactor long passwords... Lol.. Never use the same password in multiple places.. Thats it.. no need to buy a book to learn..

Manu wink.gif

what ive heard actually from microsoft i believe is to use phrases instead of complex letters and numbers...

for example:
pass: longwalkdownbythebeach
pass: imgonnasexoryou

is gonna be easy to remember, rather then:
pass: b4heiHks8HH

and it would take just as long to brute force (maybe even longer) the phrase instead of random numbers/letters

just my 2 cents smile.gif
Dominater
Jul 11 2004, 02:31 PM
QUOTE (twistedps @ Jul 9 2004, 06:07 PM)
what ive heard actually from microsoft i believe is to use phrases instead of complex letters and numbers...

for example:
pass: longwalkdownbythebeach
pass: imgonnasexoryou

is gonna be easy to remember, rather then:
pass: b4heiHks8HH

and it would take just as long to brute force (maybe even longer) the phrase instead of random numbers/letters

just my 2 cents smile.gif

LC4 can crack parts of a password so big chance it will find the first 2 passes in a few mins using only dictionary attack, while the last pass will take a few hours smile.gif
mhl103
Jul 11 2004, 02:49 PM
QUOTE
LC4 can crack parts of a password so big chance it will find the first 2 passes in a few mins using only dictionary attack, while the last pass will take a few hours


He's talking about dictionary cracking...
tibbar
Jul 12 2004, 07:26 AM
i think there is pretty simple answer here. dont use words from dictionaries tongue.gif
ZoraX
Jul 12 2004, 08:07 AM
Looks like a good article, im not going to read it atm, maybe ill do it later.

And you can make passwords with numbers and lethers, use a date u know, and maybe split up a word you know. + At the end u use a spesial special alt character as nuorder wrote earlyer.

Example:

Word: CocaCola
Date: 24/12/2004

Password: 24Coca12Cola2004ä


Not so hard to remember this pass, but a Dictionary attack would not work.
nuorder
Jul 12 2004, 09:21 AM
yep ZoraX thats a good idea
someone who puts and ALT character at the end of a NON-complex password like happyé would be in trouble as its a common misconception that this will save you even though the keyspace is very large
a good combination wordlist to attack this would be your standard dictionary list combined with a smaller one that has all printable single characters and all numbers up to 999

eg:
superman272
truckeré
computer55

would all be largeish keyspace passwords with some complexity but are very vulnerable to such an attack which wouldnt take much time at all
globey
Jul 12 2004, 09:51 AM
its can be usfuule tnx.
tip for me to wirte a pssword: use all cahrters like: a-z\A-Z\0-9
g7H9klP4
LKM
Jul 12 2004, 10:15 PM
When possible use a blank character like : "dkl7H js"
o0oKARo0o
Jul 12 2004, 11:08 PM
Longer then 10 characters and including some nice ones like ñ ¿ and things like that, with numbers too
Example: megustamucholaespañadel2001
tongue.gif
mhl103
Jul 13 2004, 01:35 AM
QUOTE
megustamucholaespañadel2001


Thats not just a bit extreme tongue.gif i would want something i can type like first time everytime as well. But chucking a space into a password even stuffs up loftcrack a fair bit so it's not a bad idea smile.gif
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.