Ah. That bumps you up to 64 GB Rainbow Tables. :) Regards,
Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Micheal Espinola Jr [mailto:michealespin...@gmail.com] Sent: Thursday, February 10, 2011 6:37 PM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes Actually, I accidentally limited my remark a bit... How's about American ASCII table? -- ME2 On Thu, Feb 10, 2011 at 2:34 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: That only requires 32 GB rainbow tables. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com<http://theessentialexchange.com/> From: Micheal Espinola Jr [mailto:michealespin...@gmail.com<mailto:michealespin...@gmail.com>] Sent: Thursday, February 10, 2011 5:32 PM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes Surely. But I'm assuming we are only talking about English-based alphanumeric. -- ME2 On Thu, Feb 10, 2011 at 1:17 PM, Michael B. Smith <mich...@smithcons.com<mailto:mich...@smithcons.com>> wrote: It isn't impressive. I've got 250 GB of Rainbow Tables. I am surely not the only one. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com<http://theessentialexchange.com/> From: MMF [mailto:mmfree...@ameritech.net<mailto:mmfree...@ameritech.net>] Sent: Thursday, February 10, 2011 4:15 PM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes Sounds impressive. Mind telling us what software you are using? Murray ________________________________ From: Michael B. Smith [mailto:mich...@smithcons.com<mailto:mich...@smithcons.com>] Sent: Thursday, February 10, 2011 3:09 PM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes Anything under 15 characters I can crack in under 5 minutes. Anything. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com<http://theessentialexchange.com/> From: MMF [mailto:mmfree...@ameritech.net<mailto:mmfree...@ameritech.net>] Sent: Thursday, February 10, 2011 4:05 PM To: NT System Admin Issues Subject: RE: IPhone attack reveals passwords in six minutes How about a nursery rhyme but use the first letter of each word. Example: Hickory Dickery Dock The Mouse Ran Up The Clock would be: hddtmrutc. Murray ________________________________ From: William Robbins [mailto:dangerw...@gmail.com<mailto:dangerw...@gmail.com>] Sent: Thursday, February 10, 2011 12:52 PM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes +1 I use song lyrics also. - WJR On Thu, Feb 10, 2011 at 12:49, David Lum <david....@nwea.org<mailto:david....@nwea.org>> wrote: One method is to take acronyms from your favorite hobby and string them together Example: NetBEUI CPU is 45GHz 14Kbps NetBEUICPUis45GHz14Kbps. 25 characters, upper and lower case and I'm going to guess random enough. Surely acronym's are different when it comes to a dictionary attack? Need to change it? Flip the order of the acronyms. Personally I use a passphrase with correct punctuation - it gives upper case, lower case, and special character. These becomes frustrating when you go to a website that gives you something dumb like 12character maximum, in which case use the hobby acronym's. My $0.02 Dave From: Don Ely [mailto:don....@gmail.com<mailto:don....@gmail.com>] Sent: Thursday, February 10, 2011 10:29 AM To: NT System Admin Issues Subject: Re: IPhone attack reveals passwords in six minutes I must not be human... Most of my high security accounts have passwords of 20+ random characters and I have them memorized... On Thu, Feb 10, 2011 at 10:25 AM, Ben Scott <mailvor...@gmail.com<mailto:mailvor...@gmail.com>> wrote: On Thu, Feb 10, 2011 at 12:31 PM, Matthew W. Ross <mr...@ephrataschools.org<mailto:mr...@ephrataschools.org>> wrote: >> If data is encrypted with strong crypto, and that crypto's secret >> key is not stored on the device, then that data can generally be >> considered safe even if the device is stolen. >> >> In English, that means if the security depends on a strong password >> the user must enter (and not on some magic the manufacturer has >> "hidden" inside the device), the password-protected data is safe. > > ... Isn't that only partially true? I mean, if the encrypted data is stolen, > isn't it reasonable to believe it can be cracked given enough time/cpu power? You're basically correct. Given good algorithms and implementations, the strength of your security depends on the strength of the key. If the password is an English word, then yah, it's going to be straightforward to crack in minutes or hours with a dictionary attack. If it's a a combination of words and other characters, it's harder, but still within reason for days, weeks, or months. Once you go to truly random characters, it's dependent on the length. But even 10 characters might be crackable in several years given commercially available technology. (I'm not up on current predictions, so numbers may be off for times.) A truly random 256-bit symmetric key could theoretically be cracked given enough time, but time to brute-force (given known technology) is generally given in billions of years. It has been theorized that new technology (especially "quantum computing") could drastically cut into that, but it remains to be seen if such things are actually possible or not. But 256 bits is a lot. Printable ASCII is roughly 96 characters. That fits in roughly six and a half bits. So your passcode would need to be around 40 characters long, and *completely* random (no words or patterns), for it to be in that neighborhood. It's not realistic to expect humans to do that. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com/> Version: 10.0.1204 / Virus Database: 1435/3434 - Release Date: 02/10/11 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ________________________________ No virus found in this message. Checked by AVG - www.avg.com<http://www.avg.com/> Version: 10.0.1204 / Virus Database: 1435/3434 - Release Date: 02/10/11 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
