[Discuss] KeePassX

Ben Eisenbraun bene at klatsch.org
Wed Jul 24 00:05:33 EDT 2013


On Tue, Jul 23, 2013 at 11:16:06PM -0400, Bill Horne wrote:
> Since my password isn't in a dictionary, and doesn't contain any common 
> substitutions that would allow for guessing, I'm not concerned about the 
> breach.

Dictionary attacks are kind of... passé. It's all password lists culled
from the numerous other cracked sites and targeted brute force GPU
cracking these days:

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

But your basic strategy works okay provided you never reuse a password,
since you can't really ever know what the security on the other side of
a web page you didn't write looks like. Ubuntu salted and hashed their
passwords, but plenty of sites just store them in plaintext or use fast
hashing schemes like MD5 which are quick to brute force with a GPU
cracking tool.

-ben

--
if you can't annoy somebody, there's little point in writing.
                                              <kingsley amis>
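
Added example, not part of the original message: the storage contrast the post describes, with unsalted MD5 beside a salted, deliberately slow hash, and a measurement of how much more each guess costs against the latter. The function names, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for illustration; the sample password is constructed.

```python
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example


def store_md5(password: str) -> str:
    """Weak storage: unsalted fast hash. Equal passwords give equal digests,
    so one entry from a leaked password list matches every account using it."""
    return hashlib.md5(password.encode()).hexdigest()


def store_pbkdf2(password: str) -> tuple[bytes, bytes]:
    """Stronger storage: per-account random salt plus a slow key derivation."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_pbkdf2(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def cost_per_hash(fn, rounds: int) -> float:
    """Average wall-clock seconds for one call of fn."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn()
    return (time.perf_counter() - start) / rounds


def slowdown_factor() -> float:
    """How many times more expensive one PBKDF2 evaluation is than one MD5."""
    pw = b"constructed-sample-password"
    salt = b"\x00" * 16  # fixed salt only so the timing loop is repeatable
    fast = cost_per_hash(lambda: hashlib.md5(pw).digest(), 20_000)
    slow = cost_per_hash(
        lambda: hashlib.pbkdf2_hmac("sha256", pw, salt, PBKDF2_ITERATIONS), 3)
    return slow / fast


if __name__ == "__main__":
    print("md5 digests equal for same password:",
          store_md5("constructed-sample") == store_md5("constructed-sample"))
    print("per-guess cost, PBKDF2 vs MD5: about %.0fx" % slowdown_factor())
```

The ratio is measured on the CPU running the script; it shows the relative cost per guess, not absolute cracking speed on GPU hardware.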


