After PSN. Who's next?

Renegade:
Nobody dismisses "brute force" cracking techniques as being impractical any more. Today's multicore CPUs make it an extremely workable crack for most passwords people are able to commit to memory.
-40hz (May 05, 2011, 09:55 AM)
--- End quote ---

Check this out concerning brute force cracking of passwords. Was posted just recently somewhere.
-phitsc (May 05, 2011, 10:12 AM)
--- End quote ---

Good article. I was glad to see that they addressed the pass-phrase technique, especially as they showed just how good it is. I've heard people poo-poo on it as being useless.

Shades:
The article is enlightening. Still, I cannot help but think that people start to use common terms or something that is closely related to them...making the attack that much easier than the suggested years it takes to crack it.

Seriously limiting the amount of logins per time interval and "penalty boxes" are key to the suggestions made in the article. But those are also good to implement in current applied protection schemes.
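
Added example, not part of any post in this thread: a minimal sketch of the login-rate limit and "penalty box" idea mentioned in the post above, with a simulation of how many online guesses actually get evaluated in an hour. The class name, the thresholds and the doubling lockout are assumptions chosen for illustration.

```python
class LoginThrottle:
    """Per-account attempt limit with an escalating "penalty box" (all times in seconds)."""

    def __init__(self, max_attempts=5, window=60, base_penalty=30, max_penalty=3600):
        self.max_attempts = max_attempts   # failures tolerated inside one window
        self.window = window               # length of the sliding window
        self.base_penalty = base_penalty   # first lockout; doubles on each repeat
        self.max_penalty = max_penalty     # cap so a lockout always expires
        self.failures = {}                 # account -> timestamps of recent failures
        self.strikes = {}                  # account -> number of lockouts so far
        self.boxed_until = {}              # account -> time the lockout ends

    def allowed(self, account, now):
        """True if a login attempt for this account may be evaluated at time `now`."""
        return now >= self.boxed_until.get(account, 0)

    def record_failure(self, account, now):
        """Register a failed login; return the lockout length it triggered (0 if none)."""
        recent = [t for t in self.failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) < self.max_attempts:
            return 0
        strikes = self.strikes.get(account, 0)
        penalty = min(self.base_penalty * 2 ** strikes, self.max_penalty)
        self.strikes[account] = strikes + 1
        self.boxed_until[account] = now + penalty
        self.failures[account] = []
        return penalty

    def record_success(self, account):
        """A correct login clears the account's failure history and lockout state."""
        for table in (self.failures, self.strikes, self.boxed_until):
            table.pop(account, None)


def guesses_evaluated(throttle, account, duration):
    """Simulate one wrong guess per second for `duration` seconds; count those checked."""
    checked = 0
    for now in range(duration):
        if throttle.allowed(account, now):
            checked += 1
            throttle.record_failure(account, now)
    return checked


if __name__ == "__main__":
    # Constructed scenario: an online guesser hammering one account for an hour.
    print(guesses_evaluated(LoginThrottle(), "alice", 3600), "of 3600 guesses evaluated")
```

Keying the penalty box on the account name alone lets anyone lock a legitimate user out by failing on purpose, so the key is often combined with the source address.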

Deozaan:
assuming Sony's IT guys are not complete idiots-phitsc (May 05, 2011, 05:50 AM)
--- End quote ---

That's quite an assumption to make. Consider the following evidence:

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.-http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html
--- End quote ---

Also, I don't know exactly how it works, but the way the PS3 was finally hacked was the master key could be figured out because Sony used a static/constant number in the encryption scheme where there should have been a completely random number.

phitsc:
assuming Sony's IT guys are not complete idiots-phitsc (May 05, 2011, 05:50 AM)
--- End quote ---

That's quite an assumption to make. Consider the following evidence:

In congressional testimony this morning, Dr. Gene Spafford of Purdue University said that Sony was using outdated software on its servers — and knew about it months in advance of the recent security breaches that allowed hackers to get private information from over 100 million user accounts.-http://consumerist.com/2011/05/security-expert-sony-knew-its-software-was-obsolete-months-before-psn-breach.html
--- End quote ---

Also, I don't know exactly how it works, but the way the PS3 was finally hacked was the master key could be figured out because Sony used a static/constant number in the encryption scheme where there should have been a completely random number.
-Deozaan (May 05, 2011, 10:02 PM)
--- End quote ---

I think that would be really embarrassing for them. Nevertheless, I'm tempted to assume that if they don't take the security of their main online system more seriously, others don't do so either.

cthorpe:
Don't know how I feel about this one.  I do think they are taking the right steps, and they even admitted that they are taking the paranoid course of action.  Then again, it's not like they notified their users, as I only found out about this from reading this thread.

I started using LastPass when Roboform reneged on their lifetime update policy.

I tried KeePass, but it kept autofilling the wrong fields in Firefox.

More than once, I accidentally changed my wifi wpa keys because of it, and websites were constantly giving me errors after I filled in forms.

So now I am with LastPass.  My LastPass key is 32 pseudorandom characters that include uppercase, lowercase, numbers, and symbols.  I have my LastPass key stored in a KeePass database that is protected with an 18 character key that I generated using the first letters of a specific sentence on a specific dvd that was sitting on my desk with uppercase and lowercase letters as indicated in the sentence and random punctuation thrown in.

I am pretty sure my LastPass is pretty well out of reach of brute force cracking at this time.