Harden Up: Can We Break Your Password With Our GPUs?

Status
Not open for further replies.

acku



As I have previously explained, this isn't a straight up hash crack. I recommend visiting Ivan's site if you want to read more on what's going on.
 

sarcher44

[citation][nom]tomfreak[/nom]The credit card PIN number for online transactions is still 3 numeric digits & it cannot be changed LOL, then the ATM machines are still 6 numeric digits, that's how simple our banking system is these days. Even my Wifi key is already 63 characters consisting of upper/lower case alphabet, numeric and symbols.[/citation]

Oh, just try brute-forcing a credit card processing system or an ATM. You'll be locked out of the system in about three seconds.
 

someguynamedmatt

[citation][nom]kkiddu[/nom]What if you have TRANSLTR?[/citation]
Well, then I'd say the world's going to hell a lot faster than I thought it was.

God, and I thought I was the only one thinking that. :D
 

killerb255

The problem is that people are lazy and/or have poor long-term memory. They're not going to use a complicated password if they can help it, and if they're forced to do so, they'll just write it down on a sticky note.
 

__Miguel_

Very informative piece, thank you!

I think I actually have an old ZIP file I password-protected during the P3/P4 era whose password I forgot (even the length, but I believe it was only numbers). If I can still find it, I'll try this one out.

Also, a bit of constructive criticism: you tested mid-to-high-end GPUs; how would, say, ION or Fusion IGPs fare? Also, can the CPU help distribute the password-breaking load? If yes, it would be very interesting to watch just how much an overclocked hexa- or octa-core (with HT on when applicable, obviously) plus a VERY high-end multi-GPU setup (3-way 6990 CF, anyone?) could cough up. Certainly not 90 billion, but still...

Again, great piece. Loved it!
 

xrodney

[citation][nom]killerb255[/nom]The problem is that people are lazy and/or have poor long-term memory. They're not going to use a complicated password if they can help it, and if they're forced to do so, they'll just write it down on a sticky note.[/citation]
Poor memory or POOR overcomplicated security.
What most companies currently do is force you to use a complicated, strong password, which is fine, but at the same time they screw up by making you have a different account for each server/system, and even a different set of rules on password length and validity, and you are basically screwed unless you are the lucky one in a billion with a 100% photographic memory.

That's actually what is making the biggest security risks, because if people can't remember passwords, they start to write them down.
 

grant consulting

I find it interesting that this review only compares licensed products, e.g. WinRAR and WinZip. I think that if the author had thought to include the open source 7-Zip product, it would have added an additional level for the reader by showing whether licensed products hold any real benefit over open source products and what the tradeoffs are in terms of security. I believe this type of comparison would have also shown foresight by the author, because many people estimate that open source software will hold 50% or more market share in the next 5 years. Another fact is that such a contrast would have given another reference point to both WinZip and WinRAR, as 7-Zip also utilizes a different algorithm (LZMA or LZMA2) for compression.
 

acku

[citation][nom]grant consulting[/nom]I find it interesting that this review only compares licensed products, e.g. WinRAR and WinZip. I think that if the author had thought to include the open source 7-Zip product, it would have added an additional level for the reader by showing whether licensed products hold any real benefit over open source products and what the tradeoffs are in terms of security. I believe this type of comparison would have also shown foresight by the author, because many people estimate that open source software will hold 50% or more market share in the next 5 years. Another fact is that such a contrast would have given another reference point to both WinZip and WinRAR, as 7-Zip also utilizes a different algorithm (LZMA or LZMA2) for compression.[/citation]

Compression has no effect on the speed at which we can break a password. Please read page 8. It's all about transformation invocations.
 

fb39ca4

I have a zip file for an old game that is encrypted. The archive also contains a patch which I was able to download from the internet, meaning I can do a known plaintext attack if I can determine the program that compressed the file and compress the known file with that same program and no encryption? Any way to find out the program?
 
Guest
"The only thing that *really* worries me are the choice of security questions sometimes. If you're not allowed to pick your own, the answer would be easy to find on my Facebook page or similar (if I had one ;)) Mother's maiden name? There's a Facebook page for that."

Never provide an answer to a security question that actually answers the question. That is, if you are allowed to set the answer yourself, always choose a different answer. Then the question doesn't matter; it gives no clues to the answer, other than to you.

I.e., if the question is "What is your mother's maiden name?", your answer should be ANYTHING other than your mother's maiden name.
 

epobirs

It's interesting to see where this is heading. While the human capacity for memorizing high quality passwords is not changing, the performance of hardware in the consumer sector is expected to show significant gains every year for the foreseeable future.

How hard would it be for a group of networked machines to divide up the task based on range assignment for the simplest variable involved? How well does it scale? If a $1,000 workstation can be built in 2013 that cranks through 5 billion possibles a second, will networking five of these achieve at least a 4x gain? Going from a year to under three months to gather evidence from a seized PC for a federal prosecution makes a $10,000 investment sound quite reasonable.
 

bobtms

Interesting article. Any idea how to apply these concepts to cracking ATA hard disk passwords? The math probably applies equally, but since this is pre-OS, are we any safer?

What white-hat tools exist to test ATA Passwords using GPUs or CPUs?
 
Guest
That password thing is stupid. I protected a nasty video and pics years ago, and I just lost it, because the file is there, but it was compressed with WinRAR with a 28-character password that includes all ASCII table characters. Actually, they are approx. 22 different characters, 22^28 = 3.8e37, just way too many for my old AMD 4000+ to decode. I'm saving the file for something like 20 or 30 years in the future, but I don't believe that the crackers of that time will be compatible with such old files.
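
The arithmetic behind epobirs's scaling question and the 22^28 estimate in the post above, worked as an added example that is not part of any post in this thread. The 0.8 efficiency factor and the 95-character printable set are assumptions; the 5 billion/s rate, five machines and 22^28 come from the posts.

```python
# Added example: keyspace arithmetic for the figures quoted in the thread.
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(charset_size, length):
    """Candidate passwords of exactly `length` characters (exact integer)."""
    return charset_size ** length

def split_ranges(total, machines):
    """Range assignment: contiguous, non-overlapping half-open index ranges.
    No machine depends on another's range, so scaling is close to linear."""
    base, extra = divmod(total, machines)
    ranges, start = [], 0
    for i in range(machines):
        stop = start + base + (1 if i < extra else 0)
        ranges.append((start, stop))
        start = stop
    return ranges

def cluster_rate(per_machine_rate, machines, efficiency=1.0):
    """Aggregate guesses/second; `efficiency` (assumed) models coordination loss."""
    return per_machine_rate * machines * efficiency

def years_to_exhaust(charset_size, length, rate):
    """Worst case: the whole keyspace is tried. The average case is half this."""
    return keyspace(charset_size, length) / rate / SECONDS_PER_YEAR

def min_length(charset_size, rate, target_years):
    """Shortest length whose full keyspace outlasts `target_years` at `rate`."""
    needed = rate * target_years * SECONDS_PER_YEAR
    length = 1
    while keyspace(charset_size, length) < needed:
        length += 1
    return length

if __name__ == "__main__":
    # Five 5-billion/s workstations at an assumed 80% efficiency: a 4x gain.
    rate = cluster_rate(5e9, 5, efficiency=0.8)
    print(f"cluster rate: {rate:.2e} guesses/s")
    # The 28-character password drawn from roughly 22 distinct characters.
    print(f"22^28 = {keyspace(22, 28):.2e} candidates")
    print(f"years to exhaust at cluster rate: {years_to_exhaust(22, 28, rate):.2e}")
    # Defender's view: length needed to outlast 10 years against that cluster.
    print("min length, 95 printable chars:", min_length(95, rate, 10))
    print("min length, digits only:", min_length(10, rate, 10))
```
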
 
Guest
It should be titled "Can We Break Your Password With Your GPU?"
 