"How to Crack (almost) Any Password in Two Minutes"

Discussion in 'other security issues & news' started by Dazed_and_Confused, Oct 5, 2006.

Thread Status:
Not open for further replies.
  1. bez

    bez Registered Member

    Joined:
    Oct 16, 2006
    Posts:
    12
    Location:
    In a house
    Although the thread is a bit in danger of going "off topic" I just wanted to say I never knew this was happening. What.. I mean it's outrageous, they may as well have a camera in your house or something!
    I don't know why people just sit around accepting this sort of stuff. Not that we can do anything about it but still.... ah what the heck!
    It does make you wonder why they would want to impose a two year sentence if they could crack stuff like PGP but these days I guess they can't keep up with the pace of change. The 5 year sentence obviously refers to ISPs or server admins who might inform a client. However it could mean the person under investigation too. Sort of like
    "and don't tell anyone we threatened to cut your head off with a pen-knife if you didn't hand over the key"
     
  2. berng

    berng Registered Member

    Joined:
    Sep 11, 2005
    Posts:
    252
    Location:
    NJ, USA
    That's why we insist on open source for encryption. The community reviews it and then it's decided if it works or has holes.

    You should worry though when a company sells proprietary encryption. Security through obscurity doesn't work.
     
  3. shainjetly

    shainjetly Registered Member

    Joined:
    Nov 28, 2006
    Posts:
    1
    idea?

    What kind of encryption is this?

    723118x15231419x231421!
     
  4. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Re: idea?

    This is a 184 bit Key, probably DESX (Rivest, 1984) :)
     

  5. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    I tend not to write passwords down anywhere in or out of my boxes
    and employ the obscure mnemonic + substitution method with a specific ruleset which I carefully break in at least one place, but make them quite long


    Vm1Cu$#%0Mn1Bv$#%Vm1cV$#%n3M1n1#%

    which translates to the latin
    amicus omnibus, amicus nemini
    (a friend to all is a friend to none)

    I then practice them till they become a kinesthetic exercise I can't even write down without typing. Though I know in the back of my head what they are derived from. On occasion I've had to recreate\recover them from the fallible grey matter stuffed in between my ears, but generally it's a matter of just finding the "break" in the ruleset

    I do write down my rulesets and hide them.

    of course if someone were to make me nervous, I might well have a totally fallible memory, and could attempt to recreate a "lost" password for months and months :p
     
  6. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I am "really" impressed with your signature which demonstrates a high level and creative polymorphic mindset!
     
  7. Ice_Czar

    Ice_Czar Registered Member

    Joined:
    May 21, 2002
    Posts:
    696
    Location:
    Boulder Colorado
    thanx ;) it's an original (as far as I'm aware, parallel development of such a common cultural icon isn't beyond the realm of possibility)
    it was a required flourish of being the ordained tinfoil wearing paranoia prophet to +50,000 gaming heathens :p
     
  8. Jason_R0

    Jason_R0 Developer

    Joined:
    Feb 16, 2005
    Posts:
    1,038
    Location:
    Australia
    CryptoSuite uses two hashes a few thousand times on your password (on slow computers you can notice the "wait" sometimes) so unless a database of "this specific sequence" was stored it would be kind of pointless.

    Unless there is a shortcut to do what CryptoSuite does (not known at the moment) when generating hashes from passwords it is very costly for the potential hacker.

    What this means is for every password combination they want to try on a CryptoSuite protected file they have to burn a few million cpu cycles instead of only a few hundred. It only increases the time taken to brute force passwords by around 2000 times iirc, which is "nothing" compared to the actual security of the algorithms themselves, but it's better than simply MD5/SHA1/Whirlpooling the password once. :)
     
    Last edited: Jan 3, 2007
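
The iterated hashing described in the post above, sketched as an added example that is not part of the thread and is not CryptoSuite's actual algorithm. The choice of SHA-256 and SHA-512, the per-file salt, the constructed sample salt and all function names are assumptions made for illustration; PBKDF2 is shown beside it as the standardized construction for the same idea.

```python
import hashlib
import hmac

ITERATIONS = 2000  # assumed; mirrors the "around 2000 times" figure in the post
SAMPLE_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed


def stretch(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Alternate two hash functions over the password `iterations` times."""
    state = password.encode("utf-8")
    for i in range(iterations):
        hash_fn = hashlib.sha256 if i % 2 == 0 else hashlib.sha512
        # Mixing the salt into every round means a table precomputed for
        # one salt is useless against a file protected with another salt.
        state = hash_fn(salt + state).digest()
    return state


def stretch_pbkdf2(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Standardized equivalent: PBKDF2-HMAC-SHA256 from the standard library."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def verify(password: str, salt: bytes, expected: bytes,
           iterations: int = ITERATIONS) -> bool:
    """Recompute the stretched value and compare in constant time."""
    return hmac.compare_digest(stretch(password, salt, iterations), expected)


def total_hash_calls(guesses: int, iterations: int = ITERATIONS) -> int:
    """Hash evaluations needed to test `guesses` candidate passwords."""
    return guesses * iterations


def single_hash_table_hit(password: str, salt: bytes) -> bool:
    """True only if a plain one-pass SHA-256 lookup value matches the
    stretched value, i.e. if a generic precomputed table would help."""
    one_pass = hashlib.sha256(password.encode("utf-8")).digest()
    return hmac.compare_digest(one_pass, stretch(password, salt)[:32])


if __name__ == "__main__":
    stored = stretch("amicus omnibus", SAMPLE_SALT)
    print("stretched:", stored.hex()[:32], "...")
    print("verify ok:", verify("amicus omnibus", SAMPLE_SALT, stored))
    print("hash calls for 1e6 guesses:", total_hash_calls(10**6))
```

The multiplier applies to every guess equally, so it slows a search by a constant factor and does not compensate for a short or predictable password.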
  9. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Jason,

    Thanks for putting my mind to rest regarding CryptoSuite. :D
     
  10. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    So the best way to use Roboform would be not to copy and paste the Roboform password, but to write to virtual keyboard a manageably complex password each time. Because no keylogger can read the mouseclicks on the virtual keyboard?

    Is my conclusion reasonable or did I miss out on something?

    Interesting thread though I don't understand much about encryption.

    Best Regards
     
  11. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    I would also keep in mind that while Virtual keyboards may be a good "Bypass" method against Keyloggers they are not immune to the much more common "Remote Viewer" Trojans... Which would allow one to see the moving/clicking cursor over each letter. Also, some virtual keyboards display the keys being depressed graphically; these trojans record/report the event, rendering the entire effort useless.

    The only real "Protection" one has is to not get infected in the first place and to have a "full security audit" policy together with encryption and the likes... No real alternatives that really work currently exist.
     
  12. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Is the viewer trojan more difficult to protect from than keyloggers? Because if products like RF seem pretty good protection of passwords it would be interesting to hear if copy and paste is safer than the virtual keyboard?

    Best Regards
     
  13. Dazed_and_Confused

    Dazed_and_Confused Registered Member

    Joined:
    Mar 4, 2004
    Posts:
    1,831
    Location:
    USA
    Hello, Rivalen

    Regarding RF, not sure what you mean by "copy and paste". Are you referring to the process to initially unlock RF using a master password? The only time I use copy/paste with RF is when I use RF's built-in password generator.
     
  14. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
    Viewer trojans are just as easily intercepted as keyloggers, or alternatively as difficult. They can be made into root kits and cloaked. If a hacker is skilled enough to inject this into a system they more than likely are scoping for far more than just one type of vulnerability.

    As for Copy & Paste any software capable of monitoring the "Clipboard" can intercept copy and paste operations. If said "copy & paste" content was already encrypted then I guess it would make a difference but as a rule I don't think you will find the "Key" being encrypted itself...

    I have included a clip of a commercial "Spy" software's product features... Very unsettling!
     


  15. Rivalen

    Rivalen Registered Member

    Joined:
    Oct 18, 2005
    Posts:
    413
    Yes DandC I was thinking about how to insert the master password into RF in the safest way.

    But I feel like I can just do my best with a layered protection and hope one or two of my apps will cause difficulty for the hackers, because the absolutely safe solution isn't there to buy and security is a process in motion.

    I don't have any major money or assets to protect reachable via Internet - I suppose hackers can't virtualize our house and send it away in packets over internet - yet. :)

    I will stick to Roboform and my other apps and keep my eyes open here on Wilders.

    Thanks for this thread all of you.
     
  16. Longboard

    Longboard Registered Member

    Joined:
    Oct 2, 2004
    Posts:
    3,238
    Location:
    Sydney, Australia