Comments on Errata Security: The hacking of a general's mistress
Feed author: David Maynor (http://www.blogger.com/profile/09921229607193067441). 12 comments. Feed last updated 2024-01-16 05:48 (-05:00).

Comments, oldest first:

Micheal (https://www.blogger.com/profile/13368916888241463610), 2012-11-11 22:18 (-05:00):
MD5 isn't encryption. It's an important distinction, and what better place than a security blog to educate people about encryption and hashing.

Robert Graham (https://www.blogger.com/profile/09879238874208877740), 2012-11-11 22:28 (-05:00):
In my (admittedly unscientific) polling of non-experts, I find they understand "one-way crypto" better than "hash", so that's pretty much how I'm always going to describe it.

Anonymous, 2012-11-11 22:38 (-05:00):
Such a random password might be indicative of using a password manager. I'd say it's more likely than not that her Stratfor password was not shared by her e-mail account.

Dan Andrews (https://www.blogger.com/profile/11365377368890862595), 2012-11-11 23:22 (-05:00):
So is the moral of the story to do "sentence passwords"? Like "Iwatchthe11OclockNewsat1030pm"

Jonas Elfström (https://www.blogger.com/profile/18088865137364783994), 2012-11-12 04:23 (-05:00):
@political That, and not to reuse passwords, ever. They are most commonly known as passphrases.
http://en.wikipedia.org/wiki/Passphrase

chort (http://rants.effu.se), 2012-11-12 12:49 (-05:00):
oclHashcat-lite would be faster. Also, you're running a really old version of -plus. Newb ;)

I wonder what an informal poll of your hacker friends would say about how many had already cracked that password.

Anonymous, 2012-11-12 15:13 (-05:00):
One thing to note is that password cracking tools aren't guaranteed to give you the actual password, but rather a string that hashes to the same value.

Anonymous, 2012-11-13 02:28 (-05:00):
@Political Leverage

Also use a couple of email addresses for your various social networks, eBay, and one for business contacts. Do not repeat a username or handle or any variant thereof; it makes it stupidly easy to track someone across the internet.

scott herbert (http://scott-herbert.com), 2012-11-13 03:41 (-05:00):
@anon(3:13) Doesn't matter: if it hashes for the cracking program, it hashes for the website. Salts may break that, but IIRC Stratfor didn't use one.

CiC, 2012-11-15 09:52 (-05:00):
> One thing to note is that password cracking tools aren't guaranteed to give you the actual password but rather a string that hashes to the same value.

The chances of that happening with a decent 128-bit hash are negligible. Something like 2^{-80} or 10^{-24} in this case. In short, it doesn't happen.

Anonymous, 2012-11-21 13:03 (-05:00):
A bunch of the Stratfor passwords were actually default 8-character random upper/lower alphanumeric passwords that were never reset by the users. I'm willing to bet that hers is one of those. Aka that password is of no use to an attacker trying to gain access to her other accounts.

Anonymous, 2012-11-21 15:44 (-05:00):
Nobody tried yet to enter that account with the encrypted password?
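The three technical points raised in the thread (that a cracker only ever returns "a string that hashes to the same value", that for an unsalted hash such a string logs in exactly like the real password, and CiC's estimate that an accidental second preimage of a 128-bit hash is around 2^{-80} for this keyspace) can be made concrete in a few lines. The following is an added example, not code from the post or from any commenter: the password "Tr0ub4dor", the toy wordlist and the two salts are constructed, and the salted SHA-256 at the end is included only as a contrast to unsalted MD5, not as a claim about what Stratfor used. The collision figure is a union bound (keyspace times 2^{-128}), which is why it matches CiC's 2^{-80} for the 62^8 keyspace of the 8-character default passwords mentioned in the thread.

```python
"""Added example: unsalted MD5 cracking vs. the site's own check, the
union-bound chance of an accidental second preimage, and salting.
All passwords, wordlists and salts here are constructed, not real data."""
import hashlib
import math
from typing import Iterable, Optional

# Constructed sample "leak": an unsalted MD5 of a user's password.
REAL_PASSWORD = "Tr0ub4dor"
LEAKED_MD5 = hashlib.md5(REAL_PASSWORD.encode()).hexdigest()

# Constructed toy wordlist; a real run would feed hashcat a real list.
WORDLIST = ["password", "letmein", "Tr0ub4dor", "correcthorse", "123456"]

# Keyspace of the 8-char random [A-Za-z0-9] defaults mentioned in the thread.
DEFAULT_PASSWORD_KEYSPACE = 62 ** 8


def site_login_unsalted(stored_md5: str, attempt: str) -> bool:
    """The website's check: recompute MD5 of the attempt and compare.
    Any string whose MD5 equals stored_md5 is accepted, real password or not,
    which is scott herbert's point."""
    return hashlib.md5(attempt.encode()).hexdigest() == stored_md5


def crack_unsalted(stored_md5: str, candidates: Iterable[str]) -> Optional[str]:
    """Dictionary attack: return the first candidate hashing to stored_md5.
    The tool can only ever report 'a string that hashes to the same value';
    whether it is the real password is a matter of probability (below)."""
    for cand in candidates:
        if hashlib.md5(cand.encode()).hexdigest() == stored_md5:
            return cand
    return None


def accidental_collision_prob(keyspace: int, hash_bits: int = 128) -> float:
    """Union bound on the chance that some OTHER string in the keyspace
    hashes to the target: at most keyspace * 2**-hash_bits, treating the
    hash as a random function (an idealisation, but the right order)."""
    return keyspace * 2.0 ** (-hash_bits)


def log2_collision_prob(keyspace: int, hash_bits: int = 128) -> float:
    """The same bound as a power of two, to compare with CiC's 2^{-80}."""
    return math.log2(keyspace) - hash_bits


def hash_salted(password: str, salt: bytes) -> str:
    """Salted hash (SHA-256 here, chosen for the contrast only): the same
    password under two different salts yields two different digests, so a
    cracked or precomputed hash for one account is not reusable for another."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def verify_salted(stored: str, salt: bytes, attempt: str) -> bool:
    """The site's check for a salted store: rehash with the stored salt."""
    return hash_salted(attempt, salt) == stored


if __name__ == "__main__":
    found = crack_unsalted(LEAKED_MD5, WORDLIST)
    print("cracker returned:", found)
    print("site accepts it:", site_login_unsalted(LEAKED_MD5, found))
    print("P(other 8-char string collides) <= %.1e (2^%.1f)" % (
        accidental_collision_prob(DEFAULT_PASSWORD_KEYSPACE),
        log2_collision_prob(DEFAULT_PASSWORD_KEYSPACE)))
    # Constructed salts for two accounts sharing the same password.
    h1 = hash_salted(REAL_PASSWORD, b"salt-for-account-1")
    h2 = hash_salted(REAL_PASSWORD, b"salt-for-account-2")
    print("salted digests differ:", h1 != h2)
```

Running it shows the cracker handing back the constructed password, the unsalted site check accepting that string because it recomputes the very same function, and the bound on an accidental second preimage landing just under 2^{-80} (about 6e-25) for the 62^8 keyspace, which is the sense in which "it doesn't happen". Note that salting does not stop a cracked plaintext from logging in; it only stops one cracked or precomputed digest from being reused across accounts.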