[ale] OT - New encryption technology using a piece of paper

JD jdp at algoloma.com
Sat Sep 3 20:24:23 EDT 2011


> Good response.  Reminds me that it's about time for me to change my
> passwords.  (As much as I hate password change requirements, I can't
> trust most websites to not have lost hashes at some point.)
> 
> I understand you have an incredible memory (wish I did) but is it good
> enough for all your passwords, or do you store them somewhere?  If so,
> what do you use to store them?
> 
> I currently use KeePassX, and my only complaint is that it has no
> browser integration (though that might be a good thing, depending on
> the attack scenario).

I also use KeePassX (and compatible other options on other systems) for
all but 3 of my logins. I couldn't tell you any other passwords and I
probably can't type them.  Most are 45+ characters randomly generated by
the tool.  The few that aren't long and random are from logins that
don't allow it.  For example, the router for our business ISP (their
equipment) has some of the dumbest rules and lack-of-length requirements
that I've ever seen; only banks are worse.

As long as we are talking about cracking passwords, at the last
OuterZ0ne, one of the speakers was a professional password hacker. His
talk explained "why your password policies suck".  Here's the video of
his talk:
http://www.irongeek.com/i.php?page=videos/outerz0ne-2011-hacker-con#Pure_Hate_-_Why_your_password_policy_sucks

Basically, passwords less than 12 characters are a joke these days if
the database gets out.  It has been 6 months, but I recall that in a few
hours, his team has cracked 40% of the passwords on a system with 1000+
users.

