
Re: Find out host of IP




[quote]The best thing you can do is to disable password logins altogether.  Using public keys is much more secure and makes it *impossible* for a dictionary attack to succeed.[/quote]

If someone can get my 40+ character password which includes symbols, numbers, letters, lowercase, and uppercase... I'm impressed and deserve to be rooted :)

It's really not hard to remember complex passwords as long as you make them sane; the only real risk you have is a key logger.

Start with something easy for you to remember, say the digits on the first address you remember as a child, add in a phrase with capitalization that isn't normal, replace some characters with symbols, toss something in hostname specific, and tag some bonus characters on the end for posterity.  Hell even using a phrase specific to you would be fine as long as it's not a quote or something.

OnMondayINeedToBuyGroceriesAtIGAForLessThan100$toeat

I tend to put reminders to myself on the end of my passwords too... keeps me from forgetting when to change it next.

blahblahblahex-pie-ers-ON7/24/07

The thing to watch is not to use things that can be run from a dictionary... like quotes for instance. When doing a security audit I added a few quotes I had heard used around the company by management, and companynamesucks and such, and picked up about 4-5% more passwords with small variations... 1companysucks2 etc.  For a similar reason chemical compositions are bad... even though the resultant password LOOKS good... C8H10N4O2 looks pretty secure... but isn't at all.

Personally, I prefer passwords to keys, although with enough computer power all passwords are breakable through brute force given enough time... with a very long complex password using a variety of caps, symbols, numbers, et al... it can be realistically infeasible though.
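
Added example, not part of the original post: a check to run when a password is set, screening for the two weak patterns the message describes, locally known phrases with small variations and chemical formulas. The phrase list, the substitution map, the `slack` threshold and the function names are assumptions made for illustration.

```python
import re

# Constructed, organisation-specific phrase list (assumption): lowercase, no spaces.
LOCAL_PHRASES = {"companysucks", "thinkoutsidethebox"}

# Common character substitutions, undone before comparing (assumed mapping).
LEET = str.maketrans("013457@$!", "oleastasi")

ELEMENTS = set("""H He Li Be B C N O F Ne Na Mg Al Si P S Cl Ar K Ca Sc Ti V Cr
Mn Fe Co Ni Cu Zn Ga Ge As Se Br Kr Rb Sr Y Zr Nb Mo Tc Ru Rh Pd Ag Cd In Sn Sb
Te I Xe Cs Ba La Ce Pr Nd Pm Sm Eu Gd Tb Dy Ho Er Tm Yb Lu Hf Ta W Re Os Ir Pt
Au Hg Tl Pb Bi Po At Rn Fr Ra Ac Th Pa U Np Pu Am Cm Bk Cf Es Fm Md No Lr Rf Db
Sg Bh Hs Mt Ds Rg Cn Nh Fl Mc Lv Ts Og""".split())

FORMULA = re.compile(r"(?:[A-Z][a-z]?\d*)+")


def normal_forms(password):
    """Lowercase, letters-only forms with padding and substitutions undone."""
    lowered = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)  # drop 1...2 style padding
    return {re.sub(r"[^a-z]", "", text.translate(LEET))
            for text in (lowered, stripped)}


def is_formula(password):
    """True if the whole password parses as element symbols with counts."""
    if not FORMULA.fullmatch(password) or not any(c.isdigit() for c in password):
        return False
    symbols = re.findall(r"[A-Z][a-z]?", password)
    return len(symbols) >= 2 and all(s in ELEMENTS for s in symbols)


def screen(password, phrases=LOCAL_PHRASES, slack=3):
    """Return the reasons a candidate password should be rejected (empty if none)."""
    reasons = set()
    for form in normal_forms(password):
        for phrase in phrases:
            # Flag only when the listed phrase makes up nearly the whole password.
            if phrase in form and len(form) - len(phrase) <= slack:
                reasons.add(f"variation of listed phrase '{phrase}'")
    if is_formula(password):
        reasons.add("written as a chemical formula")
    return sorted(reasons)


if __name__ == "__main__":
    for candidate in ("1companysucks2", "C8H10N4O2", "C0mpanySucks!"):
        print(candidate, "->", screen(candidate) or "no listed pattern")
```
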


