Security and gaming

**CharlesA** · June 15th, 2013

It's a good idea to use a different password for everything, anyhow.

**RadicaX** · June 15th, 2013

That is very true! I am shocked at how many people use one password for everything, and it is almost always something like: password. Then are shocked they were hacked.

**LearnAlways** · June 16th, 2013

Thanks to everyone who responded. I'm less worried now, after reading your replies, and you've provided me with some good information about securing my computer.

**tubbygweilo** · June 16th, 2013

Bruce Schneier has a longish posting with a good few other references on choosing passwords and pass phrases https://www.schneier.com/blog/archiv....html#comments, have a read, a think and then decide if you need to change your existing password policy.

**LearnAlways** · June 18th, 2013

Originally Posted by tubbygweilo

Bruce Schneier has a longish posting with a good few other references on choosing passwords and pass phrases https://www.schneier.com/blog/archiv....html#comments, have a read, a think and then decide if you need to change your existing password policy.

Fascinating read. Thank you.

One thing that I am curious about is how the crackers were able to piece together whole passwords from the hashes of portions of those passwords.

From the post:

The article goes on to explain how dictionary attacks work, how well they do, and the sorts of passwords they find.

Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.

I thought that even the slightest modification to the input of a cryptographic hash function would substantially change the hash. So how were the crackers able to piece-together whole passwords, simply due to their having constituents of those passwords' hashes in their dictionaries? The author of the blog post mentioned that the passfile was hashed with MD5, so maybe that has something to do with it. I was aware that, as the author stated, MD5 was inappropriate for hashing passcodes - although I don't have a good understanding of why that is. I'm new to this stuff. But isn't MD5 still somewhat good for validating the integrity of files (i.e., to verify they weren't tampered with)? So wouldn't a small change to the input of the MD5 hash, still produce a substantially different hash?

**CharlesA** · June 18th, 2013

md5sum is cryptographically insecure.

There are a bunch of stuff out there about it, and one of the better sites I found probably shouldn't be linked to as it was disucssing cracking methods...

Have a read here: http://security.stackexchange.com/qu...ked-since-1996