bcs • June 7, 2013 10:59 AM

Mrs. By comparison, a traditional random mixed-alphanumeric password reaches a comparable entropy at only eight characters long: log(62^8). I've told people to use them in certain high risk intranet type settings.

Jonadab • June 12, 2013 7:36 AM

> which is safer, an encrypted "password
> safe" that malware will know to .

The way to avoid the above problems is to use a better method of 2-factor authentication. There are tons from physics, math, chemistry, etc.

Two-Factor Suggester • July 16, 2013 9:31 AM

Online Security Against Password Hackers One method of online security against password hackers is known as 2-factor authentication. Without direct access to a password file, life becomes much more difficult for an intruder.
That would yield an entropy number of somewhere around log(dictsize * 2000^3).

Somebody • June 7, 2013 4:07 PM

Why do people discuss passwords without mentioning entropy? The following passwords were all generated using the same random number but different transformation rules and are therefore equally strong (or weak). Attackers clearly have caught onto the fact that many people are throwing *one* complex element into an otherwise bland password and expecting that to protect them by increasing the complexity of the whole thing. Note that the larger the class 1 dictionary is, the less feasible it is to guess slight variations of the contained words. Ironically, the Ars article profiling that GPU cluster was actually linked on the second page of the article in the OP (I just hadn't gotten to that page yet ;)) (And on another side note, in that article they actually give a shoutout/recommendation of Password Safe.) I would be interested to know how such a cluster would fare against PBKDF2, as that seems to be the more popular of the "secure" functions, being incorporated by both Password Safe and LastPass, as well as several encryption programs including TrueCrypt and LUKS, and even everyday use areas such as WPA, OS X, and iOS. Any site with info that's worth protecting should have multiple layers of security in front of that file. Personally, I think there comes a point where you have to say "good enough". I figure if someone manages to get past the outer encryption cipher, they'll look at the stream and realize there's more work to do. 'Password1' is a somewhat complex password since it has uppercase, lowercase & numerals.
These attacks are compromising passwords like ilovetofunot, which would have an entropy of 39 if cracked via brute force and about the same entropy using a single dictionary that includes the word "tofu" but contains only twenty thousand words (which is rather unlikely; I suspect any dictionary with "tofu" in it that's not specifically limited to food or Japanese culture will have significantly more than twenty thousand entries).