Time needed to crack passwords
Comments
Since HSBC gave those little keyrings out which give you back a new password every time you do any Internet banking, it's a pain in the a*re to use but I imagine it must be pretty secure.
It's guarding against a different risk.
Suppose we have two security schemes. In one, we take a user's password and hash it. That hash is stored in some sort of secure appliance which does strong rate limiting. Perhaps you send the appliance the username/password combination, and it responds 10^x seconds later, where x is the number of bad login attempts since the last successful one.
In the other, we have a secret that is shared between a secure appliance and a little keyring thingie. The keyring hashes the time with the secret and provides the number on the screen, and the appliance checks it's correct. Throw in some rate limiting and so on as well, to taste.
Which is more secure? Well, in the latter case, it protects against keyloggers, shoulder surfing, failure of the crypto on the link between you and the bank, a whole bunch of other things. But if the attacker can get into the secure appliance and obtain the key material, that's game over: they can log in as you, immediately.
In the former case, you're prone to keyloggers, shoulder surfing, writing it down, all the problems of passwords. But if the attacker gets into the secure appliance and steals all the hashes, they _still_ have the problem of deducing the password associated with the hash, which (given reasonable password hygiene) isn't a quick task.
Two-factor authentication is a massively good thing, because it prevents a whole stack of real-world attacks. I use it for my Google account, my eBay and my PayPal accounts, and I have my children using it for their Facebook accounts.
However, if you assume an attacker who can break into authentication servers and steal material from them (which is necessary before all the "how strong is your password against offline exhaustive attacks" issues come into play) then an attacker who can steal the key material for SecurID/Vasco/Yubikey/etc devices is in a better position than an attacker who has just stolen (competently implemented) hashes.
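The two schemes compared in the post above, as an added sketch that is not part of the original thread: a salted password hash behind a 10^x-second rate limiter, and a keyring code derived from the time and a shared secret. The function names, the PBKDF2 work factor, the 60-second step and the 6-digit truncation are assumptions for illustration, and the token function is a simplified stand-in, not any vendor's algorithm.

```python
import hashlib
import hmac
import os
import struct

ITERATIONS = 100_000  # assumed work factor for the example

def enroll_password(password):
    """Scheme 1: the appliance stores only a salted, slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest, "bad_attempts": 0}

def check_password(record, attempt):
    """Return (ok, delay_seconds); delay is 10^x for x bad attempts so far."""
    delay = 10 ** record["bad_attempts"]
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    ok = hmac.compare_digest(digest, record["hash"])
    record["bad_attempts"] = 0 if ok else record["bad_attempts"] + 1
    return ok, delay

def token_code(secret, now, step=60):
    """Scheme 2: hash the current time step with the shared secret."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 1_000_000:06d}"

def check_token(record, code, now):
    return hmac.compare_digest(token_code(record["secret"], now), code)

def demo():
    now = 1_700_000_000                                   # constructed timestamp
    pw_record = enroll_password("correct horse battery")  # constructed password
    tok_record = {"secret": os.urandom(20)}               # constructed secret
    # Rate limiting: each bad guess multiplies the wait by ten.
    delays = [check_password(pw_record, g)[1] for g in ("QWERTY", "PASSWORD", "123456")]
    # Copies of what the appliance stores, as read out after a break-in.
    pw_copy, tok_copy = dict(pw_record), dict(tok_record)
    # The stored token secret is the credential: it yields a valid code at once.
    token_ok = check_token(tok_record, token_code(tok_copy["secret"], now), now)
    # The stored hash is not the credential: submitting it is one more bad guess.
    hash_ok, _ = check_password(pw_record, pw_copy["hash"].hex())
    return {"delays": delays, "token_from_copy": token_ok, "hash_as_password": hash_ok}

if __name__ == "__main__":
    print(demo())
```

The difference in what the stored record is worth is why the token secret needs stronger protection at rest than a well-made password hash does.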
Should they say up to 999253 years? As there is a chance it could be guessed correctly at any time from the first attempt.
If I was to design one, I would try all the classics first:
QWERTY PASSWORD 123456 etc
I know where you're coming from, but I would say it's going to be far closer to the 999253 years than even 1 year
That said, obviously the more powerful the computer system/network........ :idea:
another version here
http://howsecureismypassword.net/
Apparently I'm 10 years old on MSE. Happy birthday to me...etc
whilst there does seem to have been a bit of excess cynicism around lately (partly why I've been more absent than not) we all ain't bad
Ain't dat da truff, (as I believe the young people say)
Cheers Jack. I've missed you too :kisses:
Get a room! :beer:
Move along, nothing to see.
What's the modern digital equivalent of the Enigma machine?
Since HSBC gave those little keyrings out which give you back a new password every time you do any Internet banking, it's a pain in the a*re to use but I imagine it must be pretty secure.
Also, what's a pain in the acre?
This discussion has been closed.