AnimeSuki Forums

Register Forum Rules FAQ Members List Social Groups Search Today's Posts Mark Forums Read

Go Back   AnimeSuki Forum > General > General Chat

Notices

Reply
 
Thread Tools
Old 2013-02-02, 13:37   Link #26141
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by Dextro View Post
The issue isn't one of "guessing" passwords, it's when lists of hashed passwords are compromised and are reversed using brute force.
It's actually pretty difficult to reverse a SHA1 or SHA256 hash. A much more common tactic is to use "rainbow tables" which provide the hashes for common sequences which are then compared against the list of captured hashes to identify matches. Since most people choose poor passwords this technique can find a lot of matches in a short period of time. Random "salts" can make this method less effective, but who knows how good the developers are who wrote the initial hashing function for some web application. With so many high-profile sites being compromised, it makes me think many development teams do not include a security expert in their midst.

RSA has been working on algorithms that cut a password into pieces and store the pieces on separate servers. Most small-time web sites won't go to those extremes, but it ought to be de riguer for large-scale organizations like Facebook and Twitter which already maintain hundreds of servers.
__________________
SeijiSensei is offline   Reply With Quote
Old 2013-02-02, 13:56   Link #26142
Dextro
He Without a Title
 
 
Join Date: Feb 2008
Location: Lisbon, Portugal
Age: 27
Send a message via Skype™ to Dextro
Quote:
Originally Posted by SeijiSensei View Post
It's actually pretty difficult to reverse a SHA1 or SHA256 hash. A much more common tactic is to use "rainbow tables" which provide the hashes for common sequences which are then compared against the list of captured hashes to identify matches. Since most people choose poor passwords this technique can find a lot of matches in a short period of time. Random "salts" can make this method less effective, but who knows how good the developers are who wrote the initial hashing function for some web application. With so many high-profile sites being compromised, it makes me think many development teams do not include a security expert in their midst.

RSA has been working on algorithms that cut a password into pieces and store the pieces on separate servers. Most small-time web sites won't go to those extremes, but it ought to be de riguer for large-scale organizations like Facebook and Twitter which already maintain hundreds of servers.
Yes, that is true if you're looking to hack "right now" but those rainbow tables have to come from somewhere. I was talking mostly of what the end goal of these hacks are and that is to add more hashes to the pool that ultimately gets cracked and added to said rainbow tables.

Bottom line is: no password is safe indefinitely. Pick good hard to crack ones, don't re-use them and change them regularly.
__________________

Dextro is offline   Reply With Quote
Old 2013-02-02, 14:26   Link #26143
GundamFan0083
Senior Member
 
 
Join Date: May 2009
Location: classified
Quote:
Originally Posted by willx View Post
^ FYI, Bill Gross is one of the co-founders of PIMCO, one of the largest fixed-income investment funds in the entire world. He personally manages PIMCO's "Total Return Fund" the world's largest mutual fund. His words move markets and governments ..

Risk Assets: We can see right now that the low (read: zero real) interest rate environment has propped up the prices of risk assets. So we are right now seeing that risk assets are generating returns close to the bounds of sanity. For example: HYG - this is an index of U.S. high yield bonds is yielding 6.5%. (see: record-low high yield rates -- http://www.forbes.com/sites/splevera...cord-low-6-11/)

Japan Comparison / Stagnant Growth Conclusions: A major concern is that so many liquidity (read: cash, money) is being injected into the system to continue to prevent deflation, that you have dollars chasing investment opportunities. Each additional dollar is getting put into decreasingly profit ventures, this is an issue that has been raised about non-competitive industries, which results in decreasing "real growth" per dollar invested (as well as the continuing survival and expansion of non-competitive industries and businesses) (also see: China's government owned banks vis-a-vis historical Japanese lending standards)

I'm in restructuring, so in this environment, we call it "Extend and Pretend" (play on Amend & Extend) .. Right now, the ominous headwinds portend to the worst case scenarios being people will either stop believing (Boom!) or continuing dragging it along (Stagflation!) (Personal OP that is obviously groundless and uninformed)
Yikes!
Looks like its time to "batton down the hatches, to weather the worst" as it were.
Thankfully my money is all tied up in actual assests (that make money) at the moment.
__________________
GundamFan0083 is offline   Reply With Quote
Old 2013-02-02, 14:56   Link #26144
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Magnitude 6.9 quake on Hokkaido

No tsunami threat and, so far, no reports of death or damage. USGS detailed report

Quote:
Originally Posted by Dextro View Post
Bottom line is: no password is safe indefinitely. Pick good hard to crack ones, don't re-use them and change them regularly.
I wish more sites let you use longer passwords than the 8-15 characters that seems to be the norm. My wifi router uses a complete sentence. Considering that the passphrase is going to be hashed anyway, and the hash is likely to have a known fixed length, why restrict the length of passwords at all beyond a reasonable minimum length?
__________________
SeijiSensei is offline   Reply With Quote
Old 2013-02-02, 15:05   Link #26145
Xellos-_^
Married
 
 
Join Date: Nov 2003
Location: R'lyeh
Age: 38
Quote:
Originally Posted by SeijiSensei View Post
Magnitude 6.9 quake on Hokkaido

No tsunami threat and, so far, no reports of death or damage. USGS detailed report



I wish more sites let you use longer passwords than the 8-15 characters that seems to be the norm. My wifi router uses a complete sentence. Considering that the passphrase is going to be hashed anyway, and the hash is likely to have a known fixed length, why restrict the length of passwords at all beyond a reasonable minimum length?
they should also let users use symbols in the password.
__________________
Xellos-_^ is offline   Reply With Quote
Old 2013-02-02, 15:09   Link #26146
RRW
Unspecified
*Scanlator
 
 
Join Date: May 2010
Location: Unspecified


Quote:
Originally Posted by SeijiSensei View Post
No tsunami threat
Well it's in the middle of snowy island so avalanche?
__________________
RRW is offline   Reply With Quote
Old 2013-02-02, 15:56   Link #26147
SaintessHeart
Ehh? EEEEHHHHHH?
 
 
Join Date: Nov 2007
Age: 25
Quote:
Originally Posted by SeijiSensei View Post
I wish more sites let you use longer passwords than the 8-15 characters that seems to be the norm. My wifi router uses a complete sentence. Considering that the passphrase is going to be hashed anyway, and the hash is likely to have a known fixed length, why restrict the length of passwords at all beyond a reasonable minimum length?
One thing about sentence passwords is that it is easier to crack through social engineering. I once managed to figure out the adminstrator access to a corporate system I worked temp for because the head IT officer is a Star Wars fan : I guessed the password to be "Iamyourdad".

Username and password has to come hand-in-hand to throw the would-be hacker off his/her patience. A username using the initials of the person is more likely to be hacked due to sometimes that the password is gotten but the username is not known.
__________________

When three puppygirls named after pastries are on top of each other, it is called Eclair a'la menthe et Biscotti aux fraises avec beaucoup de Ricotta sur le dessus.
Most of all, you have to be disciplined and you have to save, even if you hate our current financial system. Because if you don't save, then you're guaranteed to end up with nothing.
SaintessHeart is online now   Reply With Quote
Old 2013-02-02, 16:07   Link #26148
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by SaintessHeart View Post
because the head IT officer is a Star Wars fan : I guessed the password to be "Iamyourdad".
Well, "Luke,IamYourfather!" would be a bit more difficult since it contains a comma, an exclamation point, and mixed capitalization. It could have been "Obi-wanKenobi,your'reourOnlyHope!", too. Let's face it, Saintess, you were just lucky.
__________________
SeijiSensei is offline   Reply With Quote
Old 2013-02-02, 16:11   Link #26149
mangamuscle
formerly ogon bat
 
 
Join Date: May 2011
Location: Mexico
Age: 43
Quote:
Originally Posted by SaintessHeart View Post
One thing about sentence passwords is that it is easier to crack through social engineering.
There is no tech defense for social engineering, you can get them drunk and anything goes "put your eye here, good, now put your finger here, good, now lets nuke thw whole world *evil laughter*"
mangamuscle is offline   Reply With Quote
Old 2013-02-02, 16:13   Link #26150
Anh_Minh
I disagree with you all.
 
 
Join Date: Dec 2005
SH: If you do away with the necessity of remembering username and password (meaning you'd have to write it down on something and have that thing with you and see to it it doesn't fall into the wrong hands), you can just use some kind of dongle. Most attempts to be clever fall into the trap described in that xkcd strip above.
Anh_Minh is online now   Reply With Quote
Old 2013-02-02, 16:24   Link #26151
RRW
Unspecified
*Scanlator
 
 
Join Date: May 2010
Location: Unspecified
My password usually some kinda "product code" for example RX-78-2
__________________
RRW is offline   Reply With Quote
Old 2013-02-02, 17:43   Link #26152
SaintessHeart
Ehh? EEEEHHHHHH?
 
 
Join Date: Nov 2007
Age: 25
Quote:
Originally Posted by SeijiSensei View Post
Well, "Luke,IamYourfather!" would be a bit more difficult since it contains a comma, an exclamation point, and mixed capitalization. It could have been "Obi-wanKenobi,your'reourOnlyHope!", too. Let's face it, Saintess, you were just lucky.
Most people are lazy to type passwords too, so rarely people add dashes and commas to it.
__________________

When three puppygirls named after pastries are on top of each other, it is called Eclair a'la menthe et Biscotti aux fraises avec beaucoup de Ricotta sur le dessus.
Most of all, you have to be disciplined and you have to save, even if you hate our current financial system. Because if you don't save, then you're guaranteed to end up with nothing.
SaintessHeart is online now   Reply With Quote
Old 2013-02-02, 17:50   Link #26153
Mr. DJ
Schwing!
 
 
Join Date: Dec 2005
Location: Central Texas
Age: 29
I can't remember if I saw this in a random link or in my YouTube suggestions...but fuck, this is pretty damn frightening...

Mr. DJ is offline   Reply With Quote
Old 2013-02-02, 18:13   Link #26154
Mr. DJ
Schwing!
 
 
Join Date: Dec 2005
Location: Central Texas
Age: 29

Original article

Source 1
Source 2
Source 3
Source 4
Source 5
Mr. DJ is offline   Reply With Quote
Old 2013-02-02, 18:35   Link #26155
Kudryavka
Senior Member
 
 
Join Date: May 2009
Quote:
Originally Posted by Mr. DJ View Post
Great reads. I admit I never knew that...

I don't like the sensationalist "government is against us" nonsense it sprinkles itself with though.
Kudryavka is offline   Reply With Quote
Old 2013-02-02, 19:42   Link #26156
willx
Nyaaan~~
 
 
Join Date: Feb 2006
Age: 30
Not to be "that guy" .. but I'd point out that the "burden of proof" in civil vs. criminal suits are quite different.

In a criminal case, you must prove "beyond a reasonable doubt"
In a civil suit, you must prove "based on the balance of probabilities"
__________________
Nyaaaan~~
willx is offline   Reply With Quote
Old 2013-02-02, 20:03   Link #26157
Kudryavka
Senior Member
 
 
Join Date: May 2009
Quote:
Originally Posted by willx View Post
Not to be "that guy" .. but I'd point out that the "burden of proof" in civil vs. criminal suits are quite different.

In a criminal case, you must prove "beyond a reasonable doubt"
In a civil suit, you must prove "based on the balance of probabilities"
I had this in mind while reading, and yes, there is no guarantee he was actually a pawn of the government. It's just by preponderance of evidence that it seems so. More evidence points to him being affiliated than evidence saying he was not.
Kudryavka is offline   Reply With Quote
Old 2013-02-02, 21:06   Link #26158
Cosmic Eagle
宿命に全てを奪われた少女
 
 
Join Date: Jan 2009
Location: 宿命と時間の巻きに
Quote:
Originally Posted by RRW View Post
Yeah...with passwords, length is key, since it's a machine guessing, not a human.

Sentences mashed together FTW

Quote:
Most people are lazy to type passwords too, so rarely people add dashes and commas to it
Serious...isn't this common?
__________________
Cosmic Eagle is offline   Reply With Quote
Old 2013-02-02, 21:29   Link #26159
SeijiSensei
AS Oji-kun
 
 
Join Date: Nov 2006
Location: Mucking about
Age: 64
Quote:
Originally Posted by Cosmic Eagle View Post
Serious...isn't this common?
Umm, no, not at all.

Quote:
According password management company SplashData, the top three passwords of [2012] are "password," "123456," and "12345678." The company's list of the "25 worst passwords of the year" was compiled using data that hackers have posted online, which are said to be stolen passwords.
All of the passwords in the top-25 list are single lower-case dictionary words, or simple numeric strings like "123123". None have capitalization or use any special characters, nor do they mix numbers and letters.

This is as much a tribute to the stupidity of the developers who permit these passwords to be used as it is to the people who use them.

You can see why using rainbow tables is an effective technique.
__________________
SeijiSensei is offline   Reply With Quote
Old 2013-02-02, 21:42   Link #26160
Mr. DJ
Schwing!
 
 
Join Date: Dec 2005
Location: Central Texas
Age: 29
Some people have terrible memories and choose the simpler things.
Mr. DJ is offline   Reply With Quote
Reply

Tags
current affairs, discussion, international, news

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 03:27.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
We use Silk.