Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.os.linux.misc > #24244
| From | Jean-David Beyer <jeandavid8@verizon.net> |
|---|---|
| Newsgroups | comp.os.linux.misc |
| Subject | Re: random passwords |
| Date | 2018-08-23 10:39 -0400 |
| Organization | NewsGuy.com |
| Message-ID | <plmgum0o30@news1.newsguy.com> (permalink) |
| References | (2 earlier) <plko2r$i9f$1@tncsrv09.home.tnetconsulting.net> <plkv63$ab3$1@dont-email.me> <pllofa$fbr$1@news1.tnib.de> <plm57g$p91$2@dont-email.me> <878t4xgouh.fsf_-_@miko.siamics.net> |
On 08/23/2018 10:05 AM, Ivan Shmakov wrote: >>>>>> Rich <rich@example.invalid> writes: > > > For password auth, if a proper length, properly random, password > > is utilized, the space of possible keys (passwords) is already large > > enough that even with knowledge of the username, an attacker will not > > guess the password in any reasonable timeframe. > > > Sadly, too many folks passwords are much too weak (not proper length, > > not randomly generated) > > I'm actually curious on what recent research says about the > amount of randomness that one should have in one's password? > (Or, to put it other way around, how simple one password has > to be for it to be possible to break it in reasonable time > under one threat model or another?) > > For instance, there's an entire class of passwords, such as > ghjDthrf1 and gf!Hjkm, which, while most certainly /not/ random, > would require some rather specific assumptions about the targeted > user to guess correctly in a reasonable number of attempts. I use passwords that look a little like that. For example, here is one I used to use to log into some place: BkdMifjRpkaLdX My guess is that it is pretty random. The way I produced it includes digits and many special characters. By chance, it did not use any for this one, but the attacker would have had to try them anyway because they might have been there. And now it is too late and I will not use that one again. > > The obvious problem with completely random passwords is that > they generally require some means to store them securely, and > these means in turn may become both an attack vector and a > single point of failure. Even passwords such as the one above can be memorized, though I have other backup means, since the memory device is certainly a point of failure: not of divulging the secret, but possibly being unable to retrieve it when necessary. Passwords can be exposed at three different places: at the location of the sender, during transmission, and at the destination. Now properly implemented destinations these days no longer store passwords, but a fixed piece of text encrypted with the password. When a proposed password is presented, the fixed text is encrypted with the password and the result compared. If this is done, there should be little risk if the black hats get access to those encrypted texts. As far as sniffing them during transmission is concerned, using means such as ssl should make getting the clear versions difficult. So the problem is only at the site of the sender. If the sender keeps the clear passwords in an ordinary file, it is surely exposed to risk, if the file ever falls into the hands of the black hats. But do not users these days keep their encrypted passwords in encrypted files, on encrypted thumb drives that are not just left plugged into their machines? I keep mine on post-it notes stuck to my monitor. (Just kidding.) -- .~. Jean-David Beyer Registered Linux User 85642. /V\ PGP-Key:166D840A 0C610C8B Registered Machine 1935521. /( )\ Shrewsbury, New Jersey http://linuxcounter.net ^^-^^ 10:20:01 up 8 days, 2:38, 2 users, load average: 4.93, 5.08, 4.98
Back to comp.os.linux.misc | Previous | Next — Previous in thread | Next in thread | Find similar
Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Nobody <noreply@mixnym.net> - 2018-08-22 16:44 -0500
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-22 22:04 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-22 16:22 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-23 00:29 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Arlen Holder <arlenholder@nospam.net> - 2018-08-23 01:37 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Marc Haber <mh+usenetspam1118@zugschl.us> - 2018-08-23 09:41 +0200
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Rich <rich@example.invalid> - 2018-08-23 11:19 +0000
random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 14:05 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 10:39 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 16:33 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:57 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:07 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-23 09:47 -0500
Re: random passwords Wouter Verhelst <w@uter.be> - 2018-08-24 10:16 +0200
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:46 +0100
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-24 09:19 -0400
Re: random passwords Daniel60 <daniel47@eternal-september.org> - 2018-08-25 21:57 +1000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-25 13:32 +0100
Re: random passwords Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2018-08-25 20:05 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 15:50 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 16:40 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:12 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-08-23 18:49 +0100
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-09-01 13:45 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-09-01 15:02 +0000
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-09-01 16:54 +0000
Re: random passwords Richard Kettlewell <invalid@invalid.invalid> - 2018-09-04 07:37 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 15:12 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-23 12:49 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:18 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:27 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:44 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:38 -0600
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:47 -0600
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 02:20 +0000
Re: random passwords Jasen Betts <jasen@xnet.co.nz> - 2018-08-24 05:10 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 02:32 +0100
Re: random passwords Rich <rich@example.invalid> - 2018-08-24 01:56 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:37 +0100
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 20:13 -0600
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-24 11:42 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 11:55 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 08:37 -0400
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-24 13:51 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-24 12:41 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-25 02:03 +0000
Re: random passwords Java Jive <java@evij.com.invalid> - 2018-08-25 11:32 +0100
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-25 07:49 -0400
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:12 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-27 23:40 +0000
Re: random passwords Paul <nospam@needed.invalid> - 2018-08-27 20:10 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 00:17 +0000
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-27 20:52 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-27 22:31 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 10:23 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-28 14:45 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-28 23:00 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 01:22 +0000
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 07:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:37 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 12:25 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 19:35 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-29 17:46 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 06:53 +0100
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-30 07:48 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-30 19:07 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-31 00:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-31 03:10 +0100
Re: random passwords Chris Elvidge <chris@mshome.net> - 2018-08-31 12:26 +0100
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-29 23:36 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-29 11:35 +0100
Re: random passwords not@telling.you.invalid (Computer Nerd Kev) - 2018-08-29 23:45 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-24 18:07 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-24 20:27 +0000
Re: random passwords Bud Frede <frede@mouse-potato.com> - 2018-09-03 07:23 -0400
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:02 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 17:25 +0000
Re: random passwords William Unruh <unruh@invalid.ca> - 2018-08-23 17:32 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-23 17:46 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-23 18:07 +0000
Re: random passwords Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 12:51 -0600
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-24 02:35 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 11:13 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 17:24 +0000
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-25 13:17 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-25 20:27 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-25 21:28 -0500
Re: random passwords Jean-David Beyer <jeandavid8@verizon.net> - 2018-08-26 01:19 -0400
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 13:43 +0000
Re: random passwords Ivan Shmakov <ivan@siamics.net> - 2018-08-26 14:15 +0000
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 15:18 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 09:30 -0500
Re: random passwords Michael Black <mblack@pubnix.net> - 2018-08-26 11:44 -0400
Re: random passwords John Hasler <jhasler@newsguy.com> - 2018-08-26 16:40 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords Allodoxaphobia <knock_yourself_out@example.net> - 2018-08-28 13:29 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-28 14:32 +0100
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:17 +0100
Re: random passwords Melzzzzz <Melzzzzz@zzzzz.com> - 2018-08-27 06:21 +0000
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 08:15 +0100
Re: random passwords Roger Blake <rogblake@iname.invalid> - 2018-08-27 22:44 +0000
Re: random passwords azigni <azigni@yahoo.com> - 2018-08-26 12:55 -0600
Re: random passwords Charlie Gibbs <cgibbs@kltpzyxm.invalid> - 2018-08-26 19:19 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 16:09 -0500
Re: random passwords Rich <rich@example.invalid> - 2018-08-26 21:32 +0000
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 21:11 -0500
Re: random passwords The Natural Philosopher <tnp@invalid.invalid> - 2018-08-27 07:19 +0100
Re: random passwords Doug McIntyre <merlyn@dork.geeks.org> - 2018-08-26 00:41 -0500
Re: random passwords Robert Heller <heller@deepsoft.com> - 2018-08-26 06:48 -0500
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Marc Haber <mh+usenetspam1118@zugschl.us> - 2018-08-23 19:49 +0200
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Bud Frede <frede@mouse-potato.com> - 2018-08-26 18:52 -0400
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-27 00:06 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Dan Espen <dan1espen@gmail.com> - 2018-08-26 21:01 -0400
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-23 16:59 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-23 18:46 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 13:03 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-24 00:33 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 18:43 -0600
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Eli the Bearded <*@eli.users.panix.com> - 2018-08-24 05:16 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades Grant Taylor <gtaylor@tnetconsulting.net> - 2018-08-23 23:43 -0600
secure file distribution Ivan Shmakov <ivan@siamics.net> - 2018-08-25 17:05 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades William Unruh <unruh@invalid.ca> - 2018-08-24 02:26 +0000
Re: Vulnerability Affects All OpenSSH Versions Released in the Past Two Decades elvis-85650@notatla.org.uk - 2018-08-23 19:06 +0000
csiph-web