Increasing files ... ?!

brent

infinitymdm I always feel safe using something like pwgen (repo)

pwgen -cny 60 50
Oi!pie%ZooPh*eFeyee5ooXohQu,o9kohwoowi8eu5jaidae1af.e>ad3ow0
go{queequaeb&oodei2ooch8yeng3eN$oo4Eereeg2teexahtah8Vee0ohc4
Rae?g6foo0chexaewohghae0ahth9soovu9aufe3ia5Zeeyibe0Noo4feegh
bai>th6ooDe5Iengaezo$sah1the4aegiech7oju4uuz6dahng3Quaeyeilu
aoz"eefoo1ieJ2fothah)d{e3ahthahwoo6eeteu6wah2oejeiqu=eeting=
zeech4ahshoh`hohshaisai7ai&t'aitaewahKuP]oo8aec3ich7que9thoo
yi9AiKahbae6ea=ceiQuee'Gahxaeque5zai3aiph0Iesh1reu-vieshee>p
de8ook}ae6uiPhe&die8ohchai6sho1jeeth6gei3thaehui9Aixu_voh6ba

it made fifty 60-character passwords for me. But what you are saying it's just a matter of time.
Any discussions of numbers/capitals/uppercase/lc/special symbols etc etc is irrelevant because, as factors/variables that increase 'numerals' and make the computers work harder---for nothing?

In other words computing capabilities will make Harvey's diagram need a revision every year? and the best we can hope for is a 1000 year password. Will the 1000 year password exist in 5 years? 🙂

infinitymdm

brent Any discussions of numbers/capitals/uppercase/lc/special symbols etc etc is irrelevant because, as factors/variables that increase 'numerals' and make the computers work harder---for nothing?

I'm not certain I understand what you're saying here. More variety (caps, lowercase, numbers, special chars) improves security because an attacker has to choose from more possible options for each character when executing chosen plaintext attack (CPA).

A CPA works more or less like this:

An attacker steals the encrypted version of your password. We'll call this the ciphertext. Now the attacker knows what your password looks like when it's encrypted, but not what it looks like in plaintext form.
The attacker starts choosing random strings of plaintext characters as "potential passwords" and encrypting them, usually using their own hardware and software, but with the same encryption scheme.
Eventually the attacker finds a plaintext password that produces the same ciphertext as they captured in step 1. Now they know your password.

There's a little more to it than this, but I believe this is what Harvey's chart is talking about. You can see how more variety in your password means that an attacker has to choose from a lot more random characters, and that takes them much longer.

infinitymdm

brent In other words computing capabilities will make Harvey's diagram need a revision every year?

This is correct. Every year we have faster computing hardware to work with.

brent the best we can hope for is a 1000 year password.

Ultimately, all modern security is based on math problems that we haven't found easy ways to solve yet. We say those problems are "hard". Trouble is, we aren't 100% certain any properly hard problems exist - maybe we just haven't discovered the easy solutions yet. Security isn't a guarantee - it's fundamentally optimistic.

That said, I wouldn't stress about it. The smartest mathematicians have been looking at these problems for centuries, and we still haven't found major shortcuts. And your personal data probably isn't worth going after.

brent

infinitymdm More variety (caps, lowercase, numbers, special chars) improves security because an attacker has to choose from more possible options for each character when executing chosen plaintext attack (CPA).

that's what I was trying to say, poorly.

infinitymdm You can see how more variety in your password means that an attacker has to choose from a lot more random characters, and that takes them much longer.

then it's a good thing. CPA sounds complicated, I will not worry. In pwgen I will trust.
thanks for yr explanation

WetGeek

Harvey

For a long time I've been using LastPass to generate 16-character passwords using 4 character classes for new accounts. Although the resulting passwords are comfortingly complex, according to the chart you posted, that's clearly overkill. Generating 8-character passwords of the same type would require a hacker to tie up their computer for far more years than would be reasonable to hack my network. I'm just not worth it.

So, I'm going to change my password generation to 8 characters of 4 classes. On occasion, I need to "confirm" a new password by manually typing it into another field, and that would make it far easier for me to do that.

Thanks for posting that chart.

Axios

My goto for everyday going ons in security. https://www.schneier.com
Been lax and havent read for awhile can be dry reading but its all interesting.

Just a little tidbit I have a hash of one my computers login (Mac) set everything up on another average computer
Said ya going crack this password..lol Ya right after weeks of running I shut it off..rofl
I may have had something setup wrong dunno but not going take weeks or years to find out..

There are so many other issues with passwords than spending the time trying to brute force them.

BloodFeastMan

One of the things I've done with regard to passwords is to make my own password generator, but it is not in the traditional sense .. I have a personal system of very to remember, but lousy, passwords, and the generator will accept this lousy password as an input. The password is hashed by several algorithms thousands of times, and the resultant raw binary string will be Ascii85 encoded at whatever length I choose. (Ascii85 offers lots of special characters, but I actually have run into the situation where sites won't accept some of them) The same lousy password will always produce the same long and strong result, and that's what actually gets passed.

So basically I'm just introducing another level of password hashing before anything leaves the computer. Well, I thought it was a good idea, anyway 🙂

DirtyAngel

BloodFeastMan +++ So I wonder wildly if this is correct ? : In case Quantum Computer copes with cracking 400 chars in 90 seconds, then I need a wildly bigger password ? Assumed I want to secure privacy with one password for ten years-lasting security, then I would need a password which has size of 256 TB against a Quantum Computer ?! But Quantum Computer would melt already within hours or days ... This is satirically mentioned ... +++

DirtyAngel

This thread is not solved yet ...

System Solus is reporting, when logging into Gnome Desktop that root filesystem has no space left ?!
But I did bleachbit as sudo before and I de-installed Oracle Virtualbox, so that over 300 GB additional space of hard-disk are now free available ?! Despite of this, root filesystem is "full" ?!

How do I tidy up my hard-disk ?!

When I want to unpack a package (e.g. thunderbird as actual beta) ... then Solus refuses
because of "no space left" ?!

brent

DirtyAngel But I did bleachbit as sudo

those exact words have prefaced roughly 100 out of 100 system failure threads...

Data Drake, when she was on board, responded to a case like this where squashfs included, no space remained. I always remembered she said it's the way the numbers (space numbers) are being inaccurately reported to the system--and which app is reporting said numbers-- that was the problem. It was solved with some teeth pulling and OP got the space back. I will look for it in search. edit/could not find that thread.

Staudey

DirtyAngel de-installed Oracle Virtualbox

Note that just uninstalling VirtualBox won't delete leftover virtual machines, cache, etc. So you might want to do that too.

DirtyAngel

Staudey +++ Before de-installing Virtualbox, you need to remove the virtual partitions inside Virtualbox. When Virtualbox is empty, then it can be de-installed. +++

DirtyAngel

DirtyAngel For to secure privacy sensibly I would need then a garage full of hard-disks ?!

BloodFeastMan

DirtyAngel I would need a password which has size of 256 TB against a Quantum Computer ?!

I could be very wrong about this, but it is my opinion that we are a long way from any sort of practical quantum computing. The technology involves collapsing wave functions; physicists haven't even figured out the double slit after a hundred years. Scientists are no different than anyone else when they're looking for funding.

infinitymdm

BloodFeastMan we are a long way from any sort of practical quantum computing.

Definitely agree here. You should not be seriously concerned about making your system quantum-hard. I outlined why in my earlier post. Even if you are concerned about making your system quantum-hard, a longer password isn't going to help; the quantum-hardness has to be built into to the encryption scheme.

But let's bring things back on topic: @DirtyAngel did you manage to recover your storage space?

DirtyAngel

infinitymdm +++ ... at present no trouble with storage space. I had to reboot after sudo bleachbit. virtualbox of Oracle is not present here on my hard-disk now.

Staudey

I guess you're trying to tell me that you did remove the virtual machines first? If so, cool.

DirtyAngel

Staudey +++ LOL ... in Linux you never stop learning ... !!!!

« Previous Page