
Re: random passwords

From Jean-David Beyer <jeandavid8@verizon.net>
Newsgroups comp.os.linux.misc
Subject Re: random passwords
Date Thu, 23 Aug 2018 10:39:17 -0400
Organization NewsGuy.com
Lines 70
Message-ID <plmgum0o30@news1.newsguy.com> (permalink)
References <plklfo$4kg$1@news.mixmin.net> <plkmm8$t79$1@dont-email.me> <plko2r$i9f$1@tncsrv09.home.tnetconsulting.net> <plkv63$ab3$1@dont-email.me> <pllofa$fbr$1@news1.tnib.de> <plm57g$p91$2@dont-email.me> <878t4xgouh.fsf_-_@miko.siamics.net>



On 08/23/2018 10:05 AM, Ivan Shmakov wrote:
>>>>>> Rich <rich@example.invalid> writes:

> 
>  > For password auth, if a proper length, properly random, password
>  > is utilized, the space of possible keys (passwords) is already large
>  > enough that even with knowledge of the username, an attacker will not
>  > guess the password in any reasonable timeframe.
> 
>  > Sadly, too many folks' passwords are much too weak (not proper length,
>  > not randomly generated)
> 
> 	I'm actually curious on what recent research says about the
> 	amount of randomness that one should have in one's password?
> 	(Or, to put it the other way around, how simple one password has
> 	to be for it to be possible to break it in reasonable time
> 	under one threat model or another?)
> 
> 	For instance, there's an entire class of passwords, such as
> 	ghjDthrf1 and gf!Hjkm, which, while most certainly /not/ random,
> 	would require some rather specific assumptions about the targeted
> 	user to guess correctly in a reasonable number of attempts.

I use passwords that look a little like that. For example, here is one I
used to use to log into some place:

BkdMifjRpkaLdX

My guess is that it is pretty random. The way I produced it includes
digits and many special characters. By chance, it did not use any for
this one, but the attacker would have had to try them anyway because
they might have been there. And now it is too late and I will not use
that one again.

> 
> 	The obvious problem with completely random passwords is that
> 	they generally require some means to store them securely, and
> 	these means in turn may become both an attack vector and a
> 	single point of failure.

Even passwords such as the one above can be memorized, though I have
other backup means, since the memory device is certainly a point of
failure: not of divulging the secret, but possibly being unable to
retrieve it when necessary.

Passwords can be exposed at three different places: at the location of
the sender, during transmission, and at the destination.

Now properly implemented destinations these days no longer store
passwords, but a fixed piece of text encrypted with the password. When a
proposed password is presented, the fixed text is encrypted with the
password and the result compared. If this is done, there should be
little risk if the black hats get access to those encrypted texts.

As far as sniffing them during transmission is concerned, using means
such as SSL should make getting the clear versions difficult.

So the problem is only at the site of the sender. If the sender keeps
the clear passwords in an ordinary file, it is surely exposed to risk,
if the file ever falls into the hands of the black hats. But do not
users these days keep their encrypted passwords in encrypted files, on
encrypted thumb drives that are not just left plugged into their machines?

I keep mine on post-it notes stuck to my monitor. (Just kidding.)


-- 
  .~.  Jean-David Beyer          Registered Linux User 85642.
  /V\  PGP-Key:166D840A 0C610C8B Registered Machine  1935521.
 /( )\ Shrewsbury, New Jersey    http://linuxcounter.net
 ^^-^^ 10:20:01 up 8 days, 2:38, 2 users, load average: 4.93, 5.08, 4.98
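
Added example, not part of the original post: a sketch of the two ideas discussed above, namely drawing a password uniformly from an alphabet that includes digits and special characters (so the search space is set by the generator, not by the characters that happen to appear), and a destination that stores only a value derived from the password and re-derives it at login. It substitutes salted PBKDF2-HMAC-SHA256 for the encrypt-a-fixed-text construction the post describes; the 94-symbol alphabet, the length of 14 and the iteration count are assumptions.

```python
import hashlib
import hmac
import math
import secrets
import string

# Assumed alphabet: letters, digits and punctuation (94 printable ASCII symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation
PBKDF2_ITERATIONS = 600_000  # assumed work factor, tune to your hardware


def generate_password(length: int = 14, alphabet: str = ALPHABET) -> str:
    """Draw each character uniformly from the alphabet using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of the generator, not of one output: length * log2(alphabet size).

    A result that happens to contain only letters still costs the attacker
    the full search space, because the generator could have emitted any symbol.
    """
    return length * math.log2(alphabet_size)


def make_verifier(password: str, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """What the destination stores: salt, work factor and derived key, never the password."""
    salt = secrets.token_bytes(16)
    derived = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "derived": derived}


def check_password(candidate: str, record: dict) -> bool:
    """Re-derive from the presented password and compare in constant time."""
    derived = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(derived, record["derived"])


if __name__ == "__main__":
    pw = generate_password()
    full = entropy_bits(14, len(ALPHABET))
    letters = entropy_bits(14, len(string.ascii_letters))
    print(f"{len(ALPHABET)}-symbol alphabet, 14 chars: {full:.1f} bits")
    print(f"letters only, 14 chars: {letters:.1f} bits")
    record = make_verifier(pw)
    print("correct password accepted:", check_password(pw, record))
    print("wrong password accepted:", check_password(pw + "x", record))
```
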
