Basic Password Security

By: DonRotolo
New: 14-06-2007 18:00
Updated: 14-06-2007 18:00
Total downloads: 581 times


Brief tutorial on creating a secure password system

The need for password security is explained. A simple and flexible but very powerful system for creating very strong passwords is presented. A method to ensure no two passwords are the same, while making each password easily memorized, is given. Anyone who uses passwords should read this!

Attached Files

  • doc Basic Password Security

    Basic Password Security.doc

    uploaded: 14-06-2007 18:00
    filetype: doc
    filesize: 23.5kb
    downloads: 579




Discussion


15-06-2007 09:13

Jeff Rodriguez


Re: paper: Basic Password Security

Good topic.
You may also want to listen to episode 4 of Security Now. They discuss this same topic and coming up with a personal password policy.
Edit: They talk more in episode 5 also.

Admittedly, I use about 3 or 4 passwords for all my different accounts. I'm going to try and come up with a good password policy.



15-06-2007 09:21

vivek16


Re: paper: Basic Password Security

Brings up some good points. I personally have a weak password for all the sites that do not matter as much, but I have a stronger form of it (using capitalization and numbers) for the websites like my email and stuff like that. I think I will change them.

Thanks, vivek



15-06-2007 10:17

GaryVoshol


Re: paper: Basic Password Security

The problem of having a basic password with variations based on the site, account, etc is that some sites have their own rules for passwords. It must be exactly X characters long or some other such restriction. I like the concept though - I sure have difficulty remembering all my passwords when I go to pay my monthly bills online.



15-06-2007 10:38

Pavan Dave


Re: paper: Basic Password Security

Quote:
Originally Posted by GaryV1188
The problem of having a basic password with variations based on the site, account, etc is that some sites have their own rules for passwords. It must be exactly X characters long or some other such restriction. I like the concept though - I sure have difficulty remembering all my passwords when I go to pay my monthly bills online.
I've been using the same password since I started the internet and my father gave me my first E-mail account. Then for gaming I started using another set of passwords due to security reasons. I think now that I have quit gaming I need to mod up my regular passwords. I like the 'system' you mentioned. It's a great idea, and even if you have a 'core' word and you don't modify it between sites, at least remember there are different types of security involved with different types of sites. Although even if somebody gets your password on CD they can ruin your name, most of us might know who you are, or we have logs to check. But certain sites have strict systems of instant banning and at that, for many sites it is hard to vouch who you really are in the first place. And then don't get me started on your banks and other VERY important passwords. Those should be a class all of their own and should never be copied anywhere. That might be part of my system if I get tired of 100000 passwords: three or four levels of security requiring different types of passwords. EX: L1 - Same pass, L2 - Different but similar, L3 - Different, no link whatsoever.

Also keep in mind that although it has been common for gaming and clans, there has been an exponential increase in the amount of brute force programs being created and being used, so keep that in mind next time you make your password, characters like "Æ, æ, ™ " are not usually put in those algorithms. For more information on ALT + NUM keys click here.


Peace.



15-06-2007 12:19

Travis Schuh


Re: paper: Basic Password Security

Quote:
Originally Posted by Pavan

Also keep in mind that although it has been common for gaming and clans, there has been an exponential increase in the amount of brute force programs being created and being used, so keep that in mind next time you make your password, characters like "Æ, æ, ™ " are not usually put in those algorithms. For more information on ALT + NUM keys click here.
Thanks for the site. This opens up lots of new password opportunities, as now I can put in symbols formed by ALT + (Team number).

-Travis



15-06-2007 14:18

Quzarx


Re: paper: Basic Password Security

I personally prefer using a md5 hash of an md5 hash of a word for my passwords. Yes, bit harder to memorize, but quite difficult to crack.
Such as, the md5 of "test"
098f6bcd4621d373cade4e832627b4f6
The md5 of that:
fb469d7ef430b0baf0cab6c436e70375



15-06-2007 19:59

fimmel


Re: paper: Basic Password Security

Quote:
Originally Posted by Quzarx
I personally prefer using a md5 hash of an md5 hash of a word for my passwords. Yes, bit harder to memorize, but quite difficult to crack.
Such as, the md5 of "test"
098f6bcd4621d373cade4e832627b4f6
The md5 of that:
fb469d7ef430b0baf0cab6c436e70375
I may try doing that. Sounds like fun memorizing hashes.

Also, I set up a website one time, and when I went into phpMyAdmin to look at the user table, the passwords were in PLAIN TEXT. That means that any admin or even a hacker that got access to that table in the database would have all of the user names, passwords, emails etc. of the users. Anyway, I decided to not use that script for the login.

/forest
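An added example, not part of the post above or of the login script it mentions: a user table that stores a per-user random salt and a PBKDF2-HMAC-SHA256 hash instead of the plaintext password, shown next to the unsalted MD5 of "test" quoted in the thread, which is the same digest for everyone who picks that word. The table schema, function names, user names and iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # assumed PBKDF2 work factor; tune to your hardware


def open_db():
    """In-memory stand-in for a site's user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db


def derive(password, salt):
    """Slow, salted hash: the only password-derived value that is stored."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def create_user(db, name, password):
    salt = os.urandom(16)  # fresh random salt per user
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, derive(password, salt)))


def verify_login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?", (name,)).fetchone()
    if row is None:
        derive(password, b"\x00" * 16)  # do the same work for unknown users
        return False
    salt, stored = row
    return hmac.compare_digest(stored, derive(password, salt))  # constant-time compare


def unsalted_md5(word):
    """Fast and unsalted: the same word always gives the same digest."""
    return hashlib.md5(word.encode("utf-8")).hexdigest()


def demo():
    """Two constructed users who chose the same password."""
    db = open_db()
    create_user(db, "alice", "test")
    create_user(db, "bob", "test")
    return db, db.execute("SELECT salt, pw_hash FROM users ORDER BY name").fetchall()


if __name__ == "__main__":
    db, rows = demo()
    print("same password, different stored hashes:", rows[0][1] != rows[1][1])
    print("unsalted md5 of 'test':", unsalted_md5("test"))
    print("alice logs in:", verify_login(db, "alice", "test"))
```

Anyone reading this table sees only salts and hashes, and two users with the same password do not share a stored value.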



16-06-2007 14:36

DonRotolo


Re: paper: Basic Password Security

Quote:
Originally Posted by GaryV1188
It must be exactly X characters long or some other such restriction. I like the concept though - I sure have difficulty remembering all my passwords when I go to pay my monthly bills online.
Yep, there might be some exceptions - but I never have trouble remembering any of my passwords, so far...
Quote:
Originally Posted by Pavan
even if somebody gets your password on CD they can ruin your name
Yes, and if you're dumb enough to use the same password for everything, they can do quite a bit more... Maybe not to a high school kid, but think mid-life engineer and what "ruined" might entail.

Also, with no extra effort - actually less effort than your layer system - you can use strong and unique passwords everywhere. Why not then?
Quote:
Originally Posted by Quzarx
I personally prefer using a md5 hash of an md5 hash of a word for my passwords.
You, my friend, win the Uber-geek award for today.
(Anyone who knows what he means is a runner-up)

Don



16-06-2007 19:48

Protronie


Re: paper: Basic Password Security

I don't care how "strong" a password you use... if someone wants the info enough they will get it. There are always backdoors the industry and government agencies have embedded into your O/S.

If there's something you don't want someone to see... don't trust it to the internet or a computer that's hooked up to it.



All times are GMT -5.