Improve the security on your system...

WoodiE55

Senior member
May 3, 2001
Hey guys and gals, I found two things that I believe will help improve your security, by using better passwords.

1st. - UNCRACKABLE PASSWORDS

2nd. - A Program to test your passwords


I use at least two sets of the Uncrackable passwords on my system (win2k) and L0pht's status says it will take 110 days to crack. Not too shabby for a 7 char. password.

just my $0.02


WoodiE
 

VBboy

Diamond Member
Nov 12, 2000
It does not matter how "good" your password is. You, my friend, need to do some reading on security and password cracking :)

Let's assume you have a 7-character password that ONLY uses letters and digits, and the system is case-sensitive:

TotalPossiblePasswords = (26 + 10) ^ 7 = 36 ^ 7 = 78364164096 passwords.
Now, assume the computer used for cracking is capable of testing 5,000,000 passwords per second. It means that it will take it 4.35 hours to crack. (That's assuming the cracker knows the password's length).

It's a simple combinatorics problem.

No password is better than a random one.
For 7 characters, randomly pick 4 letters and 3 digits, mix them up, and you're good to go.

** Edited to include the smiley face on the top for increased friendliness
 

VBboy

Diamond Member
Nov 12, 2000
I want to see you write down those special characters on a piece of paper so that you can type them in when needed :)
 

ibshort86

Junior Member
Aug 14, 2001
VBboy, ur calcs are wrong. You know you can use capital letters as well as lowercase, so ur eqn. would be 62^7
 

HJB417

Senior member
Dec 31, 2000
and if you use win2k, you can set account lockouts, like mine is 9000min after 10 failed logins, this doesn't affect the true administrator account though =(.
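
Added example, not part of any post in this thread: the keyspace arithmetic from the posts above (36^7 versus 62^7 at 5,000,000 guesses per second) set beside the same search throttled by a lockout of 10 attempts per 9000 minutes. The function names are hypothetical, and the `case_folded` option is an added assumption that models a hash which uppercases the password before hashing, as the LM hash does.

```python
# Added example: sizes and timings use the thread's figures; helper names are hypothetical.
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
}

def alphabet_size(classes, case_folded=False):
    """Distinct symbols an exhaustive search must cover.

    case_folded=True models a hash that uppercases the password before
    hashing (as the LM hash does), so lower and upper collapse together.
    """
    chars = set()
    for name in classes:
        chars.update(CLASSES[name].upper() if case_folded else CLASSES[name])
    return len(chars)

def keyspace(size, length, length_known=True):
    """Candidates of exactly `length`, or of every length up to it."""
    if length_known:
        return size ** length
    return sum(size ** n for n in range(1, length + 1))

def offline_hours(candidates, guesses_per_second):
    """Worst-case hours to exhaust the space against a captured hash."""
    return candidates / guesses_per_second / 3600

def online_years(candidates, attempts, lockout_minutes):
    """Worst-case years when each batch of `attempts` costs one lockout."""
    batches = -(-candidates // attempts)  # ceiling division
    return batches * lockout_minutes / (60 * 24 * 365)

def report():
    rate = 5_000_000  # guesses per second, the figure used in the thread
    rows = {}
    for label, classes, folded in [
        ("36^7 (letters+digits, one case)", ["lower", "digit"], False),
        ("62^7 (mixed case + digits)", ["lower", "upper", "digit"], False),
        ("mixed case, case-folding hash", ["lower", "upper", "digit"], True),
    ]:
        space = keyspace(alphabet_size(classes, folded), 7)
        rows[label] = (space, round(offline_hours(space, rate), 2))
    return rows

if __name__ == "__main__":
    for label, (space, hours) in report().items():
        print(f"{label:34} {space:>16,} candidates  {hours:>8} h offline")
    print(f"online, 10 tries per 9000 min: {online_years(36**7, 10, 9000):,.0f} years")
```

The offline rows assume the hash has already been captured; the online figure applies only to accounts the lockout covers, which per the post above excludes the built-in administrator account.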
 

NiPeng

Senior member
Jul 17, 2001
Blah


<< Incorporating any one of these 187 characters into your password instantly makes it uncrackable to L0phtCrack. It doesn't matter how long the password, since the use of just one of these characters automatically means that it can't be cracked.

Now this isn't to say that at some time in the future, there might be a tool that could check for these characters and resolve hashes for them. In fact, that tool may already exist, but we just haven't been made aware of it yet. As far as we know, this writing is the first publicity this research has received anywhere.
>>

 

NiPeng

Senior member
Jul 17, 2001


<< and if you use win2k, you can set account lockouts, like mine is 9000min after 10 failed logins, this doesn't affect the true administrator account though =(. >>

You should deny your admin account network access.

Edit: Windows NT also has account lockouts.
 

Soybomb

Diamond Member
Jun 30, 2000
Passwords are a good start, but security has many many more aspects. I think a lot of boxes are rooted due to carelessness more than bad passwords. No matter if it's an exploit in an unpatched server the machine is running or the administrator using telnet to login to the server across the network, there are other arguably more important things than an ultra secure password to me. I'd take a pretty good 6 character password and a full array of patches than an 8 character ultra secure password that has only had a few of the patches applied ;)
 

PG

Diamond Member
Oct 25, 1999
Hey, that's pretty cool! :D
I'm going to look into it.
I wonder if anything like that exists for Linux?
 

WoodiE55

Senior member
May 3, 2001
The L0pht Crack does exist for Linux...As Passwords DO make a big part of security. I work for a place that builds and repairs computers, and just last week an NT 4 system came in with NO admin password. From the research I have done that seems to be a big problem...password, passwords that are weak, no password, or passwords on sticky notes on the monitor.

Anyway...use this, it's a neat trick and it works.



WoodiE