Tuesday, March 17, 2009

Creativity can equally well be applied to security;

Sam took a moment to refill his coffee. Ursula reflected that he'd be hard to put to sleep tonight, as he taught her this new skill.

"Well, Teddy Bear, it's easier than you think, but not easy.

"If it was easy, everyone would do it!"

He paused for emphasis and continued. "You'll find hacker handles and variable names instructive in choosing hard-to-break passwords. When I first looked into them, I made the commonplace mistake of supposing that their colorful nicknames were indicative of the composition of their passwords. For example, I saw that they used zeros where O's would go, 4's for A's, 5's for S's, 1's for L's and I's, 3's in place of E's, dollar signs where you would look for S's, and the plus operator for T's. I named myself hyp3rm0n0c14$+1c on a bulletin board, and told them all the Aggie Joke about the Aggie who thought his password couldn't be guessed. They laughed, and put me on to a table they padlocked for practice. I keyed it in, and in less than 4 hrs they were back with the password. That may seem only as remarkable as reading the table without my permission, but they assured me that they built it pseudo-randomly using an engine. I asked them how they guessed it so "quickly," and they taught me everything I know.

"First, they clarified for me that the table in question, for all its impregnable fair play, was hamstrung by removal of the "three-try rule." They could sit there with a computer and assault the file with as MANY passwords as their hearts could wish in any given second. I'm pretty sure that Travis would have faulted their imaginations, but I was officially documenting the humility of a student, and didn't raise an eyebrow.

"BTW, I've had good success with Travis, asking him to document the _false_ humility of a student, but it's not my first plan of action. He assured me he was joking, and proceeded to do the same thing to his Algebra classes, with reported success, so I think it might actually work.

"Returning to the discussion of passwords, Ursula, these guys explained that they had not tried ALL the _permutations_ (that's the mathematical way to figure out how many there could be), but instead they cheated and took an electronic dictionary and tried all the words. I asked them if that was what they meant by a 'hack,' and they said, "No, it's a crack, not a hack." I gave up understanding their expressions overnight. They gave me high marks for how many times they had to go through it over and over, because every letter I changed to a number made a whole different dictionary, and there were eight of them. I was depressed, and demoralized, and told them THEY had been IMMORAL; they only laughed and said that if they stopped, the NSA would have a party, and they were all ex-CIA Rangers. They told me I hadn't kept the defense honest by changing up, and the number substitutions were amateur, by being pattern driven. I was _still_ bummed, so they promised me free porn, and showed me that these conventions they used for names were just for show:
The straight skinny is that passwords HAVE to be RANDOM.
They used a convention called "the four food-groups" to remind them of what they meant. A two-food-group password would have lower-case AND upper-case letters in it."

Ursula decided to let him know she was listening, and asked the obvious question:
"What are the four food-groups?"

"Lower-case letters, upper-case letters, numeric letters, and upper-case numeric letters.
We call numerics "numbers" and usually refer to upper-case numbers as "special characters." Some sites even level the playing field by refusing to allow the sharpies to use the special characters, but this is kind of like leveling the playing field for seals as they dash for the shore in shark-infested waters -
there is safety in numbers only if you _have_ to BE a number; some people call that herd behavior; these are typically not shepherds, but rather top-gun CEO types, otherwise hindered by self-deceit.
Whatever the case, Ursula Minor, you need to choose the best password practical under any circumstances; practical INCLUDES being able to remember it - that's where the numericized letters come in, see?"

Ursula pursed her lips in concentration. "Is it JUST letters that are two-food-group passwords," she asked, "or is it the case that I can mix any pair of food groups for the purpose?" Sam was as happy as any teacher can be, and responded to her demonstrable attention by expanding, "Yes, you CAN change them up. In fact, you can have two-food-group, three-food-group, AND four-food-group passwords that way. In fact, if it's a matter of extraordinary circumstances, you can throw in an alt + 'any number between 127 and 256' (like we talked about before), for effect - an actual 5th food group!"
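To put numbers on Sam's two lessons (a leet-swapped dictionary word is only a few dictionaries' worth of guessing, while a random password drawn from all the food groups is not), here is an added example that is not part of the original post. It assumes the handle hyp3rm0n0c14$+1c was built from the word "hypermonoclastic" (the letter-for-symbol swaps Sam lists, applied to eight letters), a constructed dictionary size of 200,000 words, and a constructed guessing rate for the unthrottled case.

```python
import math
import string
from itertools import product

# The number-for-letter swaps Sam lists; a letter may stay as-is or become any listed symbol.
LEET = {"o": "0", "a": "4", "s": "5$", "l": "1", "i": "1", "e": "3", "t": "+"}

# Sam's "food groups" as character sets (26, 26, 10, 32; the 5th is the alt-code range 128..255).
FOOD_GROUPS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
    "alt": "".join(chr(c) for c in range(128, 256)),
}


def leet_variants(word):
    """Every spelling of `word` reachable by the LEET swaps: each position keeps its letter or takes one substitute."""
    choices = [(c,) + tuple(LEET.get(c, "")) for c in word.lower()]
    return {"".join(p) for p in product(*choices)}


def mangled_word_bits(word, dictionary_size):
    """Work (in bits) to find a leet-swapped dictionary word: choose the word, then choose its spelling."""
    return math.log2(dictionary_size) + math.log2(len(leet_variants(word)))


def random_password_bits(length, groups):
    """Entropy of a uniformly random password over the union of the named food groups."""
    alphabet = set("".join(FOOD_GROUPS[g] for g in groups))
    return length * math.log2(len(alphabet))


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate when nothing throttles guessing (no 'three-try rule')."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    # Assumed root word for Sam's handle, and a constructed 200,000-word dictionary.
    word, dict_size, rate = "hypermonoclastic", 200_000, 1e9
    leet = mangled_word_bits(word, dict_size)
    rand = random_password_bits(10, ["lower", "upper", "digits", "special"])
    print(f"{len(leet_variants(word))} spellings of {word!r}; ~{leet:.1f} bits of work")
    print(f"random 10-char four-food-group password: ~{rand:.1f} bits")
    print(f"seconds to exhaust at {rate:.0e} guesses/s: {seconds_to_exhaust(leet, rate):.0f} vs {seconds_to_exhaust(rand, rate):.3g}")
```

Eight swappable letters give only 2^7 x 3 = 384 spellings, so the "eight dictionaries" add under 9 bits to the word lookup, whereas a 10-character random password over all four groups sits near 65 bits.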

Ursula felt that Sam had truly shared an intimacy with her, and she promised herself that she would convert his efforts into online security for them both. She smiled at him and got a cup of coffee of her own. "Sam, I've been working out a new system of feedback for Intimate Swedish Massage. Could you devote to me your undivided attention tonight, until the morning hour is no longer new?" Sam's nose pointed left and to the rear, but his eyes looked directly into hers. "My Martial Arts are far more current than my Marital Arts," he replied. "I'm sure I need the practice."
