Full Version: Securing Passwords Against Dictionary Attacks
| QUOTE |
Techniques to improve the quality of passwords against dictionary attacks. |
good read, thanks for the info 
good article, thankyou for sharing.
Use complex passwords 
Mix of capital and small letters, numbers and special charactors, Well, dont use the words in dictionary... If you can, use some password manager programs to remember your 20 charactor long passwords... Lol.. Never use the same password in multiple places.. Thats it.. no need to buy a book to learn..
Manu
Mix of capital and small letters, numbers and special charactors, Well, dont use the words in dictionary... If you can, use some password manager programs to remember your 20 charactor long passwords... Lol.. Never use the same password in multiple places.. Thats it.. no need to buy a book to learn..
Manu
use a special alt character eg: é and youve already defeated about ¾ of the windows password based tools as there as they dont support them (psexec and cain are a few examples)
| QUOTE (nuorder @ Jul 6 2004, 12:17 PM) |
| use a special alt character eg: é and youve already defeated about ¾ of the windows password based tools as there as they dont support them (psexec and cain are a few examples) |
nuorder,
thats a nice idea m8..
manu
nice article - thx m8 - very helpful
| QUOTE (manu @ Jul 6 2004, 11:36 AM) |
| Use complex passwords Mix of capital and small letters, numbers and special charactors, Well, dont use the words in dictionary... If you can, use some password manager programs to remember your 20 charactor long passwords... Lol.. Never use the same password in multiple places.. Thats it.. no need to buy a book to learn.. Manu |
what ive heard actually from microsoft i believe is to use phrases instead of complex letters and numbers...
for example:
pass: longwalkdownbythebeach
pass: imgonnasexoryou
is gonna be easy to remember, rather then:
pass: b4heiHks8HH
and it would take just as long to brute force (maybe even longer) the phrase instead of random numbers/letters
just my 2 cents
| QUOTE (twistedps @ Jul 9 2004, 06:07 PM) |
| what ive heard actually from microsoft i believe is to use phrases instead of complex letters and numbers... for example: pass: longwalkdownbythebeach pass: imgonnasexoryou is gonna be easy to remember, rather then: pass: b4heiHks8HH and it would take just as long to brute force (maybe even longer) the phrase instead of random numbers/letters just my 2 cents |
LC4 can crack parts of a password so big chance it will find the first 2 passes in a few mins using only dictionary attack, while the last pass will take a few hours
| QUOTE |
| LC4 can crack parts of a password so big chance it will find the first 2 passes in a few mins using only dictionary attack, while the last pass will take a few hours |
He's talking about dictionary cracking...
i think there is pretty simple answer here. dont use words from dictionaries
Looks like a good article, im not going to read it atm, maybe ill do it later.
And you can make passwords with numbers and lethers, use a date u know, and maybe split up a word you know. + At the end u use a spesial special alt character as nuorder wrote earlyer.
Example:
Word: CocaCola
Date: 24/12/2004
Password: 24Coca12Cola2004ä
Not so hard to remember this pass, but a Dictionary attack would not work.
And you can make passwords with numbers and lethers, use a date u know, and maybe split up a word you know. + At the end u use a spesial special alt character as nuorder wrote earlyer.
Example:
Word: CocaCola
Date: 24/12/2004
Password: 24Coca12Cola2004ä
Not so hard to remember this pass, but a Dictionary attack would not work.
yep ZoraX thats a good idea
someone who puts and ALT character at the end of a NON-complex password like happyé would be in trouble as its a common misconception that this will save you even though the keyspace is very large
a good combination wordlist to attack this would be your standard dictionary list combined with a smaller one that has all printable single characters and all numbers up to 999
eg:
superman272
truckeré
computer55
would all be largeish keyspace passwords with some complexity but are very vulnerable to such an attack which wouldnt take much time at all
someone who puts and ALT character at the end of a NON-complex password like happyé would be in trouble as its a common misconception that this will save you even though the keyspace is very large
a good combination wordlist to attack this would be your standard dictionary list combined with a smaller one that has all printable single characters and all numbers up to 999
eg:
superman272
truckeré
computer55
would all be largeish keyspace passwords with some complexity but are very vulnerable to such an attack which wouldnt take much time at all
its can be usfuule tnx.
tip for me to wirte a pssword: use all cahrters like: a-z\A-Z\0-9
g7H9klP4
tip for me to wirte a pssword: use all cahrters like: a-z\A-Z\0-9
g7H9klP4
When possible use a blank character like : "dkl7H js"
Longer then 10 characters and including some nice ones like ñ ¿ and things like that, with numbers too
Example: megustamucholaespañadel2001
Example: megustamucholaespañadel2001
| QUOTE |
| megustamucholaespañadel2001 |
Thats not just a bit extreme
i would want something i can type like first time everytime as well. But chucking a space into a password even stuffs up loftcrack a fair bit so it's not a bad idea
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
