Equipped To Survive® Presents
The Survival Forum
#268921 - 04/10/14 06:25 AM Re: Might be time to change your passwords [Re: chaosmagnet]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Originally Posted By: chaosmagnet
I'm afraid you're incorrect. This vulnerability is being exploited in the wild.

I hadn't heard that. Now I have. Thanks.

Quote:
Also, the fix for this was released on April 7th.

I remember reading about this bug several weeks ago (a month or more maybe?). And the fix was reportedly available back then. Possibly the fix had been completed, but not made generally available yet. I don't remember the exact details.

Top
#268922 - 04/10/14 06:59 AM Re: Might be time to change your passwords [Re: haertig]
Tjin Offline
Pooh-Bah

Registered: 04/08/02
Posts: 1821
Originally Posted By: haertig
Here is how I do my passwords:

I start out with something that I have bought recently that is easy to remember:
Code:
Ruger .357mag


I rearrange that a little, still easy to remember (notice everything is lowercase now):
Code:
.357rugermag


I replace letters/numbers with their "equivalent". e.g., e with 3, s with 5, a with 8, l with 1, o with 0, etc. I do it both ways ... so e with 3 and 3 with e.
Code:
.es7rug3rm8g


Then I alternate holding the <shift> key down to capitalize every other keystroke:
Code:
.Es&rUg#rM8G


I look at the end result and if it doesn't look random enough, or doesn't end up with upper and lower case letters, digits, and punctuation, I buy something else (yeah!) and start over.

I end up with very strong passwords this way. And they're easy to remember. I should say, the passwords themselves are NOT easy to remember, but the sequence of steps to generate the password from my example seed phrase ".357rugermag" is easy to remember. And the seed phrase is itself easy to remember because it represents some cool item that I recently bought for myself.

The downside to this is that I cannot tell anyone else my password. I cannot even sit down and write it on a piece of paper. I have to have a normal QWERTY keyboard in front of me so I can visually see things as I hunt-and-peck the keys while alternating "shift key up, shift key down, shift key up..."

This is how I do the passwords for stuff that I really need to be secure. But for passwords for the less critical stuff, say for my login here on ETS, I use simpler passwords. I have lots and lots of these less secure, but still decent quality, passwords. Since I can't remember them all in my head, I store them in the "KeePass" application. I have that for Linux, my Android phone, and Windows. I assume KeePass might be available for iPhone and Macs too, but I don't know for sure. The encrypted database for KeePass is copied transparently between all my devices.

Each shopping_website/bank/etc. that needs to be secure has its own password - they are never the same password shared between sites. But I will admit, for some of the internet forums I visit, like ETS, I occasionally use the same password. That is because the ramifications of somebody hacking my ETS forum account are pretty minor.


Which passwords are best depends on how you expect them to be hacked. Do you expect a person randomly guessing a password, or a brute force attack?

For a brute force, generally a very long password is good, not necessarily one with complicated letters/signs.

I have separate passwords for important things and a few I use on non-essential things like forums.
_________________________


Top
#268927 - 04/10/14 02:29 PM Re: Might be time to change your passwords [Re: haertig]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
Originally Posted By: haertig
I remember reading about this bug several weeks ago (a month or more maybe?).

Are you sure you're thinking of Heartbleed? The GnuTLS vulnerability was reported a month ago and mentioned here on ETS.

Top
#268929 - 04/10/14 02:40 PM Re: Might be time to change your passwords [Re: Mark_R]
benjammin Offline
Rapscallion
Carpal Tunnel

Registered: 02/06/04
Posts: 4020
Loc: Anchorage AK
Schozzbott!
_________________________
The ultimate result of shielding men from the effects of folly is to fill the world with fools.
-- Herbert Spencer, English Philosopher (1820-1903)

Top
#268932 - 04/10/14 05:23 PM Re: Might be time to change your passwords [Re: Mark_R]
Arney Offline
Pooh-Bah

Registered: 09/15/05
Posts: 2485
Loc: California
This article reports on the German developer who introduced the vulnerability into OpenSSL two years ago. A trivial coding oversight that has massive potential ramifications.

Top
#268934 - 04/10/14 05:57 PM Re: Might be time to change your passwords [Re: Mark_R]
Denis Offline
Addict

Registered: 01/09/09
Posts: 631
Loc: Calgary, AB
Password strength:

_________________________
Victory awaits him who has everything in order — luck, people call it. Defeat is certain for him who has neglected to take the necessary precautions in time; this is called bad luck. Roald Amundsen

Top
#268944 - 04/10/14 08:29 PM Re: Might be time to change your passwords [Re: Mark_R]
Mark_R Offline
Old Hand

Registered: 05/29/10
Posts: 863
Loc: Southern California
This will evaluate passwords for strength. The results are surprising, some passwords I thought were "best" only came back "strong" and vice versa.

https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx

Wikipedia has a pretty good article on password strength
http://en.wikipedia.org/wiki/Password_strength#Entropy_as_a_measure_of_password_strength

And just for chuckles, the 25 most common, and worst passwords used in the last year.
http://www.slate.com/blogs/future_tense/..._about_you.html
_________________________
Hope for the best and prepare for the worst.

The object in life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane

Top
#268948 - 04/10/14 09:28 PM Re: Might be time to change your passwords [Re: Mark_R]
haertig Offline
Pooh-Bah

Registered: 03/13/05
Posts: 2322
Loc: Colorado
Originally Posted By: Mark_R
This will evaluate passwords for strength. The results are surprising, some passwords I thought were "best" only came back "strong" and vice versa.

https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx

Yeah, who would have thought "password" was "medium" and "password123456" was "strong"? Thanks for verifying that, Microsoft!

"aaaaaaaa" also is medium, while "aaaaaaaaaaaaaa" is strong.

Looks like all that stupid Microsoft is doing with that password checker is counting the number of characters. 8 characters - no matter what they are - are considered medium, 14 characters, strong. How brain-damaged is that? But it pretty much illustrates the security model that Microsoft uses in Windows, and explains the rampant security issues constantly being discovered there.

Top
#268963 - 04/11/14 02:14 AM Re: Might be time to change your passwords [Re: haertig]
bluenorth Offline
Stranger

Registered: 06/11/05
Posts: 12
Loc: Ontario, Canada
Try your passwords here https://www.grc.com/haystack.htm
Adding more characters, even if they're the same, does appear to make it more difficult to brute-force crack.

Top
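An added example, not part of any post in this thread and not the code of either checker linked above: it runs the test strings from the two preceding posts through the length-only rule inferred there, the exhaustive-search arithmetic behind "more characters is harder to brute-force", and a few pattern checks. The word list and the pattern checks are constructed for illustration.

```python
import math
import string

# Constructed, tiny sample of well-known weak base words (illustrative only).
COMMON_WORDS = ("password", "letmein", "qwerty")


def length_only_rating(pw):
    """Rule inferred in the thread from the checker's output: 8 medium, 14 strong."""
    return "strong" if len(pw) >= 14 else "medium" if len(pw) >= 8 else "weak"


def alphabet_size(pw):
    """Character-set size an exhaustive search would have to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return sum(len(cls) for cls in classes if any(c in cls for c in pw))


def brute_force_bits(pw):
    """log2 of the exhaustive search space: length * log2(alphabet size)."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0


def has_digit_run(pw, n=3):
    """True if pw contains n or more ascending consecutive digits (e.g. 123)."""
    run = 1
    for a, b in zip(pw, pw[1:]):
        step = a in string.digits and b in string.digits and int(b) - int(a) == 1
        run = run + 1 if step else 1
        if run >= n:
            return True
    return False


def pattern_flags(pw):
    """Reasons a guesser trying likely passwords first needs no full search."""
    flags = []
    if pw and len(set(pw)) <= 2:
        flags.append("repeated character")
    if any(word in pw.lower() for word in COMMON_WORDS):
        flags.append("common word")
    if has_digit_run(pw):
        flags.append("sequential digits")
    return flags


if __name__ == "__main__":
    for pw in ("password", "password123456", "aaaaaaaa", "aaaaaaaaaaaaaa"):
        print(f"{pw:16} {length_only_rating(pw):7} "
              f"{brute_force_bits(pw):5.1f} bits  {pattern_flags(pw)}")
```

The bit counts only bound a blind exhaustive search; a string that raises any flag falls to a guesser long before that bound is reached.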
#268967 - 04/11/14 03:11 AM Re: Might be time to change your passwords [Re: haertig]
Teslinhiker Offline
Veteran

Registered: 12/14/09
Posts: 1418
Loc: Northern Ontario
Originally Posted By: haertig

Yeah, who would have thought "password" was "medium" and "password123456" was "strong"? Thanks for verifying that, Microsoft!


Linux is not much better or could be worse. Running password12345 through cracklib-check gives it the "ok" as a password. Yet password123456 or password1234567 gives the result of too simplistic/systematic.

Similarly, 123aaabbb gets the ok from cracklib-check, but 1234aaabbb is too simplistic/systematic.

The design of cracklib-check heuristics can give a false sense of security to the user just like other password checkers/validation programs.
_________________________
Earth and sky, woods and fields, lakes and rivers, the mountain and the sea, are excellent schoolmasters, and teach some of us more than we can ever learn from books.

John Lubbock

Top