[ale] evernote security breach

JD jdp at algoloma.com
Tue Mar 5 08:10:16 EST 2013


On 03/05/2013 07:37 AM, Watson, Keith wrote:
> Ron,
> 
> Use a pass phrase. They are easy to type and when they reach 15 characters or
> more, very difficult to crack.
> 
> Example pass phrase:
> 
> OK so you think you can brute force this pass phrase. Good luck.
> 
> Like I said easy to type and remember, very difficult to crack. It would be
> easier to use rubber hose cryptography to get the pass phrase.

It is all about the size.  Remember, the people trying to crack our passwords
* do not know how long the password/passphrase is
* do not know which alphabet we are using
* Assume certain patterns will be used. (because most passwds follow these)
http://blog.jdpfu.com/2011/08/30/easy-technique-for-secure-easy-to-type-passwords-size-matters
has some thoughts on this. I summarize how passwords are cracked so we can avoid
creating passwords that fit those patterns.
* everything else being the same, size matters most.

Do not reuse your "good passphrase" between KeePassX and any login - especially
a Windows login.

5 yrs ago, people used multiple supercomputers to crack passwords that (4) $500
GPUs handle today. What happens when a $500 GPU does 20x-100x more in 5 more
years?  Length is the only way to combat these sorts of improvements. Clearly,
if there are other flaws in the encryption, those will be used first, but most
of us do not control that aspect. Size is all we can control.

