
Re: On passwords, security and real -sweat, blood and tears- life



A.J. Bonnema wrote:
Hi all,

A common problem with passwords is their guessability (yes, as a non-native English speaker, I too make up words.....). For instance, even though I have taught my daughter to not use dictionary words, names etc, her password for one of the online accounts got hijacked. What happened was, she used: _____ (five underscores) as a password: arghghgh.

Indeed.

But it did make me think again about the security of my home network. Unfortunately most passwords are dictionary words, that are easy to guess using f.i. the john password guesser program, combined with numbers and if you are lucky a special character or two.

One technique which works reasonably well is to use the initial
letters of some phrase which means something to you, but is not
easily guessable. For example, if you happen to like to eat
peach ice cream, then you might use the phrase "My favorite
ice cream is peach, of course." Taking the initials, we get
"mficipoc" as the basis for the password. Add two digits and
a special character to make things a little harder, and get
"mficipoc86[". This is a reasonable password, and yet can
be remembered in a way that "random" characters cannot.

When updating the password, start over with a new phrase,
like "As regards to ice cream, I always like peach",
and get "articialp" for a basis. Or maybe switch to
"Artichoke salad makes the best lunch, usually" giving
"asmtblu". Your imagination will guide you. I always include a
few non-letters (digits and special characters) just
to make certain that I don't hit a word in any language.

What I wonder about is the following:

* given that all ports are closed to external contact through a physical albeit consumer-oriented firewall, just means I am safe from port-scanners. But does it mean that I am safe from cracker systems / programs? Is there a way to break in, without allowing external contact through one of the ports? (not including trojans and the like).

Any computer with physical access is not secure. If you have a
connection to the outside world, then you only have relative
security (i.e. relative to another machine with a connection,
one has more or less security in regards to a specific attack).

* A second issue is: suppose I would force my family to use really random passwords (like characters picked from a one-time pad). And now suppose I lose my root-password: would I be able to rectify this, without destroying the data?

See above on creating "random" passwords which can be recalled.

As far as fixing a "lost" password, one can use just about any
LiveCD to boot and fix that up. I like Knoppix, but I suspect
that the Fedora Rescue CD can be used just as well for this.

Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
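
The initial-letters technique from the reply above, written out as an added example that is not part of the original message. The small word list, the minimum basis length of 7 and the special-character set are assumptions made for the example; the two digits and the special character are drawn at random with `secrets`.

```python
import re
import secrets
import string

# Constructed stand-in for a real dictionary file (assumption: in practice
# a large multi-language word list would be loaded instead).
SAMPLE_WORDLIST = {"artificial", "password", "asthma", "peach"}
SPECIALS = "[]{}!@#$%^&*-_=+;:,.?"   # assumed set of allowed special characters
MIN_LEN = 7                          # assumed minimum number of initials


def phrase_initials(phrase: str) -> str:
    """Return the lowercase first letter of every word in the phrase."""
    words = re.findall(r"[A-Za-z][A-Za-z']*", phrase)
    return "".join(w[0].lower() for w in words)


def check_basis(basis: str, wordlist=SAMPLE_WORDLIST, min_len: int = MIN_LEN) -> list:
    """Return the reasons a basis is weak; an empty list means it passes."""
    problems = []
    if len(basis) < min_len:
        problems.append(f"only {len(basis)} characters; use a longer phrase")
    if basis in wordlist:
        problems.append("basis is itself a dictionary word")
    if len(set(basis)) <= 2:
        problems.append("basis is almost a single repeated character")
    return problems


def make_password(phrase: str, wordlist=SAMPLE_WORDLIST) -> str:
    """Build initials + two random digits + one random special character."""
    basis = phrase_initials(phrase)
    problems = check_basis(basis, wordlist)
    if problems:
        raise ValueError("; ".join(problems))
    digits = "".join(secrets.choice(string.digits) for _ in range(2))
    return basis + digits + secrets.choice(SPECIALS)


if __name__ == "__main__":
    for phrase in (
        "My favorite ice cream is peach, of course.",
        "As regards to ice cream, I always like peach",
        "Artichoke salad makes the best lunch, usually",
    ):
        print(phrase_initials(phrase), "->", make_password(phrase))
```

`check_basis` also rejects the five-underscore password from the quoted message, since it is both too short and a single repeated character.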

