 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
On Tue, Jul 23, 2013 at 11:16:06PM -0400, Bill Horne wrote:
> Since my password isn't in a dictionary, and doesn't contain any common
> substitutions that would allow for guessing, I'm not concerned about the
> breach.
Dictionary attacks are kind of... passe. It's all password lists culled
from the numerous other cracked sites and targeted brute force GPU
cracking these days:
http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/
But your basic strategy works okay provided you never reuse a password,
since you can't really ever know what the security on the other side of
a web page you didn't write looks like. Ubuntu salted and hashed their
passwords, but plenty of sites just store them in plaintext or use fast
hashing schemes like MD5 which are quick to brute force with a GPU
cracking tool.
-ben
--
if you can't annoy somebody, there's little point in writing.
<kingsley amis>
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
