Your password is now easier to crack than you think : comments.
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
|
1
|
2
|
3
|
||||
|
4
|
5
|
6
|
7
|
8
|
9
|
10
|
|
11
|
12
|
13 |
14
|
15
|
16
|
17
|
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
|
25
|
26
|
27
|
28
|
29
|
30
|
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Heh
Anyway, salting the encrypted password is the key. As one security person put it bluntly regarding rainbow tables: No modern password scheme is vulnerable to them. Unix has had a "modern" scheme since 1976. Of course, Windows doesn't happen to have a modern password scheme.
And once again, long enough passphrases are key; the rainbow table has a finite length, and if it doesn't cover passphrases as long as yours, it can't crack your passphrase.
Re: Heh
But, most corporations run Windows (I use *nix, but still a lot of the major companies run on Windows). On top of that due to the proliferation of HyperActive Directory al lot of UNIX accounts now have uid/pwd in AD. Thus if you hack AD, you get all the UNIX passwords too. Ptacek is right, when talking about coding for websites, where your password scheme can be homemade and designed on sense.
As for length, I agree... my PGP passphrase has been in the double digits since I started using it. But even that is just a matter of time and technology. Salted passwords help, no doubt, securing anything important 2-factor is a must at this point, as you said. In fact, the PCI requirements for corporations now include 2-factor authentication.
Re: Heh