Have you ever seen how high up rollerblades went?
SpikesOtherDog
joined 2 years ago
So, the difference with no numbers and special characters is 52^20 (2x10^34) versus 95^20 (3.6x10^39). There are three reasons this runs into issues.
Pure math indicates that a 20 digit alpha only password with caps sprinkled in is slightly stronger than 12-13 digits of alphanumeric plus caps and specials.
Out of the various people within various organizations I have supported, people have disclosed their passwords to me a breathtaking number of times. It is quite common for people to create a password with only lower characters. That would be 4x10^27, about the same as 14 characters using the full qwerty set.
Either way, we are discussing a password cracking tool running locally attempting to hash your password. You do have a point that 12 thousand years is a very long time to arbitrarily guess a password. Unless something changes where someone can easily access ten thousand cores at a reasonable utility, you are pretty much safe from anyone except state level threats. That would be full time use of that many cores for 37 days at 10k cores, or 9 hours access to a million cores. We just aren't there yet. No clue if this would work better with GPU time, but that would still be a serious system.
Now, I am stepping into old lessons from 2011, and I can't find a great source to back myself up. If I'm wrong, then I have been operating off this misinformation for 15 years and I'd gladly appreciate better information.
The final issue is that since passwords are hashed in chunks, parts of the password could become visible while the rest is being worked on. This could lead to the attacker guessing the rest of the password.
I want to be clear that what I'm about to say only refers to compromised systems where the password database has already been exfiltrated and systems that do not lock or otherwise slow down attackers.
A system where the passwords are inaccessible, requires periodic password changes, enforces complexity, and locks out invalid attempts probably is fine, but I'll get there.
A password cracking tool will typically start with lists of known passwords, then it will move on to dictionary words. If the attacker has any personal information, and the means to add it, they will give priority to that information. Phrases with multiple words are more likely, and will be tested next. These dictionary attacks are run first because on a fast enough system they can crack a password in weeks. Munging standard spelling increases the entropy here, increasing the number of attempts to guess a password.
From here, an attacker must start brute force, which tries to decipher your password one character at a time. Adding uppercase characters doubles the number of characters, but that is still super quick to crack. Adding numbers begins to increase the time, but all this is going to be checked within hours or days depending on the length of the password and the resources the attacker is committing.
Adding special characters significantly increases the amount of time because just the standard (33?) characters characters easily accessible on a common US Qwerty keyboard multiples the checks that many times, per each character in the password.
So, uncommonly misspelled words and sprinkled in characters increase the security of your accounts over just dictionary words. This would guard a person's reputation at work if anyone got their company's AD password file out without notice, as well as one's security if their browser's password store is compromised. Also, some people refuse to follow proper security for convenience, and it is sometimes possible to find a service that will allow rapid password attempts.
Great costume for the ex who wants to belong.
That baby is going to die so many times.
I didn't type this right in the first place, but it DOES bring up a point.
Substituting symbols for letters, we always called it leet speak—but Wikipedia calls it munged—used to be considered safe quite some time ago.
It's better not to use real words because it makes it easier for password cracking tools. If you have to, it is better to mung them, but also misspell them.
pY@zvvuD is much stronger than p@55w0rd, even if it is harder to remember. In the same vein, my bunged password would have been slightly more secure, even if someone had found my pass phrase. But in my case, my password sucked because I would have probably come back trying to put a k at the end. I have munged them like that in the past, but it is extra to remember.
If you have a password vault, use the vault first.
For rotating PC login credentials, I use codified passphrases. They typically meet security needs, are unique and nearly unguessable because it could be ANYTHING in your office, and don't contain dictionary words. Example:
Annual evaluations are due before summer. Be sure to mention the Grodsky project! aeadB4S.Bs2mtGp.
Where did Julie's candy go? I ate it! She'll never know >:D
WdJcg?I8i!Snn>:D
Even if I had a perfectly secure connection, I'm still getting a password from a service that could be tracking me.
Ok, my wife uses it during the winter pretty regularly.
Over the summer it is used occasionally, mostly for pancakes or things.
It might actually get used a few dozen times annually, but it is also 20 years old. We usually run it through the dishwasher, so I can't account for the difference there. Maybe your water is different from ours!
You could buy some acrylic markers and try baking the vessel with the new marks for an hour at 375 F.
You might want to work your way up to the temp over a few hours to prevent shattering.
Also, you could put the glass on a sheet and cover with a mixing bowl up keep the heat more consistent.
I say 375 due to temperature discrepancies in ovens and temperature swings.
The glass could still break, but if you are throwing it away anyway, what does it matter?
Hey, no big deal!
Mostly we use the singular measuring cups. We can't seem to keep them for long because kids are right on stuff. I'm not really sure if I have a full set of cups.
Also, when we cook, it's pretty loose to the recipe. The exception is baking.
I have a Pyrex I have been using for at least 15 years, but I probably haven't used it much more than a dozen times a year.
How do you wash yours?
I don't think he was awake here, but sometimes it is hard to tell.
Eli loves swimming in lakes and rivers. He will lay in a stream and slowly blep up the water. He will, under no circumstances, go into the bath willingly.
Luckily, he is a good gentle boy and will allow me to put his paws in to get into the tub. Once he is washed and rinsed, we dry, and dry, and dry. We have to blow dry him after he is towel-dried or he will mildew.
Being blow dried is also one of his favorite things, which is good because it takes three people half an hour to get it done. It would go faster if I had one of those harnesses that stopped him from laying down and rolling over, but he will will over if you are gentle.
Physical to Virtual is referring back to Physical Clones, 2 sections back on the same page. This page contains the first mentions of physically cloning drives, then when expanding on the topic appears to berate the user for not understanding the material.
I'm pretty sure this book is AI slop. There are several instances where the material is just thrown onto the page and not properly organized.
We are stumped!
view more: next ›
My daughter informed me of the same.
Also, she still wants a pair.