It's a good idea to use a different password for everything, anyhow.
Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide
Tomorrow's an illusion and yesterday's a dream, today is a solution...
That is very true! I am shocked at how many people use one password for everything, and it is almost always something like: password. Then they are shocked they were hacked.
Thanks to everyone who responded. I'm less worried now, after reading your replies, and you've provided me with some good information about securing my computer.
Bruce Schneier has a longish posting with a good few other references on choosing passwords and pass phrases: https://www.schneier.com/blog/archiv....html#comments. Have a read, a think and then decide if you need to change your existing password policy.
Fascinating read. Thank you.
One thing that I am curious about is how the crackers were able to piece together whole passwords from the hashes of portions of those passwords.
From the post:
The article goes on to explain how dictionary attacks work, how well they do, and the sorts of passwords they find. Steube was able to crack "momof3g8kids" because he had "momof3g" in his 111 million dict and "8kids" in a smaller dict.
I thought that even the slightest modification to the input of a cryptographic hash function would substantially change the hash. So how were the crackers able to piece together whole passwords, simply due to their having constituents of those passwords' hashes in their dictionaries? The author of the blog post mentioned that the passfile was hashed with MD5, so maybe that has something to do with it. I was aware that, as the author stated, MD5 was inappropriate for hashing passcodes - although I don't have a good understanding of why that is. I'm new to this stuff. But isn't MD5 still somewhat good for validating the integrity of files (i.e., to verify they weren't tampered with)? So wouldn't a small change to the input of the MD5 hash still produce a substantially different hash?
md5sum is cryptographically insecure.
There is a bunch of stuff out there about it, and one of the better sites I found probably shouldn't be linked to as it was discussing cracking methods...
Have a read here: http://security.stackexchange.com/qu...ked-since-1996
Amazing info man. Thanks!
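Added example, not part of any post in this thread: a Python sketch for the question above about "momof3g8kids". It shows that appending "8kids" changes roughly half of the MD5 output bits, that a two-dictionary match comes from hashing each whole concatenated candidate rather than from combining hashes of the parts, and how much more one guess costs under a salted, slow function. The word lists, function names and fixed salt are constructed for illustration.

```python
import hashlib
import time

# Constructed sample word lists (illustrative, not the dictionaries from the article).
DICT_A = ["summer", "momof3g", "dragon", "letmein"]
DICT_B = ["2013", "8kids", "!", "123"]

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def differing_bits(a, b):
    """Count the bits that differ between MD5(a) and MD5(b), out of 128."""
    return bin(int(md5_hex(a), 16) ^ int(md5_hex(b), 16)).count("1")

def is_two_word_combo(stored_hash, left, right):
    """Audit check: return the left+right candidate whose MD5, computed over the
    whole string, equals stored_hash, or None. Hashes of parts are never combined."""
    for l in left:
        for r in right:
            if md5_hex(l + r) == stored_hash:
                return l + r
    return None

def seconds_per_guess(hash_one, rounds=50):
    """Average wall-clock cost of hashing one candidate with hash_one."""
    start = time.perf_counter()
    for i in range(rounds):
        hash_one(f"candidate{i}")
    return (time.perf_counter() - start) / rounds

def slow_salted(text, salt=b"constructed-salt"):
    # PBKDF2-HMAC-SHA256: salted and deliberately slow, unlike a single MD5.
    # The salt is fixed only for this demo; real systems use a random per-user salt.
    return hashlib.pbkdf2_hmac("sha256", text.encode(), salt, 100_000)

if __name__ == "__main__":
    stored = md5_hex("momof3g8kids")
    print("bits changed by appending '8kids':", differing_bits("momof3g", "momof3g8kids"))
    print("found by whole-candidate hashing:", is_two_word_combo(stored, DICT_A, DICT_B))
    print("MD5 s/guess:   ", seconds_per_guess(md5_hex))
    print("PBKDF2 s/guess:", seconds_per_guess(slow_salted, rounds=3))
```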