
Re: One-line password generator



Hi,

Brian wrote:
> They would never have got to 
>    my!only"reason£for$living%is^ebay

Unless some group of people is caught using this scheme.
Of course the attacker needs more computing power than with a camelback
style text that bears no separators out of a set with a few dozen
characters.

You have a UK keyboard. That would be about number three to test for
an easy to memorize sequence of non-letters. (QWERTY, QWERTZ, BS 4822, ...)
So it's not much more work than with CamelBackStyle.


> Stamina is at least as important as speed.

Not to forget experience and gut instincts of the attacker.
He sneaks into your shoes and lives a copy of your life ... shoo-hooo ...


> We are mesmerised by the skills of offline crackers. They dazzle us and
> blind us to realities.

I often wonder how much of the reports about secret agency powers is
intentional deception and how much is a glimpse of a world where nothing
is private.
One cannot even tell for sure whether they get something that is worth
the money for the electricity they consume. It's all an endless series
of tricks and lies. They even use truth to fool the enemy. Nobody believes
the truth.


> > The first found meal tells the bear that there is more food in the same
> > direction.

> With an offline attack, probably. But where are the people who say that
> online is the same as or even similar to offline,

If the attacker has no opportunity to test a lot of tries, then brute force
has nearly no hope for success, indeed.
In this case, eavesdropping and non-computer actions like burglary or
social engineering are the things to fear. Not to forget judges.

IPv6 addresses are a problem. If I ask a what-is-my-IP site for my IPv6
address then it tells me the town where I live. With IPv4 the reported
location is often hundreds of kilometers away.


> And, even assuming a site such as Ebay with its millions of users loses
> its marbles to offline cracking, why think you are first in line for
> rampaging?

You'd end up in lists of cracked passwords and user names which get sold
for Bitcoins. Mass matters.


> Ok, they have to start somewhere - it might as well be you. :)

Never choose a username that looks like money or sexual exploitability.

A good precaution is to only do things on the internet which you can
justify doing in public as well, and to only expose as much money to the
web as you can easily afford to lose.
I live in a spacetime bubble where this is possible. Others are less lucky.


Reco wrote:
> Since it [eq8GeKBhVXOTjF0dAyd0] appeared in a public maillist - it is a
> bad password by definition.

Harvested today and on the market tomorrow.

Brian wrote:
> It will not be used again.

Hey! You are spoiling an upwardly mobile sector of the economy.


Have a nice day :)

Thomas

