You are either not logged in or not registered with our community. Click here to register.
 
January 21, 2018, 06:51:53 AM

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length

Click here if you are having problems.
Default Wide Screen Beige Lilac Rainbow Black & Blue October Send us your theme!

Wiki Blogs Dicebot

Author Topic: PSA: Change all your passwords  (Read 923 times)

0 Members and 1 Guest are viewing this topic.

Offline BlankTopic starter

PSA: Change all your passwords
« on: February 24, 2017, 08:02:54 PM »
In case you haven't heard of the news of Cloudbleed, go change all your passwords.  An unknown amount of people's passwords have been made vulnerable.  Accounts like Uber, Fitbit, OKC, 1password (ironically) are vulnerable.

Offline Laughing Hyena

Re: PSA: Change all your passwords
« Reply #1 on: February 25, 2017, 05:14:23 PM »
Does it apply here as well?

Offline Cassandra LeMay

Re: PSA: Change all your passwords
« Reply #2 on: February 26, 2017, 03:52:43 AM »
Does it apply here as well?
I suspect not. Elliquiy staff are usually on top of things like that and I think we would have had an official announcement about it by now, if E were in danger.

Online Vekseid

Re: PSA: Change all your passwords
« Reply #3 on: February 27, 2017, 02:22:47 AM »
I was personally pestered by Cloudflare's peoples when they were just getting started, but no, we don't use Cloudflare.

Offline entropy970

Re: PSA: Change all your passwords
« Reply #4 on: March 28, 2017, 11:23:59 PM »
A simple tip for people who are interested in memorizing somewhat complex passwords, is to utilize algorithms, this is basically the basis for the fields of, for example, cryptography.

The simplest encryption algorithms could just be a single shift, for example, googlepassword would become hpphmfqbttxpse. The alphabetical frequency distribution function still follows, however, to a very, very severely limited extent due to the limited number of letters, however, most simple brute force techniques targeted at the average person's password does not test for everysingle shift possibilities.

To make it more secure, make sure that your encryption algorithm, is an algorithm, that is, a series of steps. Thus, it becomes less uniform. For example, for each even numbered letter, change them into a capital letter: hPpHmFgBtTxPsE

Then, for each 3n numbered letter, choose the number for which they are associated with in the alphabet from 1 - 26: hP15Hm6gB19Tx15sE

And continue however you want. Of course, this may not be the most practical in speed when you're sitting there counting, however, that is the tradeoff for security, or, this could be your complex password for your password vault. And, keep in mind that passwords for specific accounts may have a maximum character limit of 16.

Offline midnightblack

Re: PSA: Change all your passwords
« Reply #5 on: March 29, 2017, 01:06:18 AM »
xkcd had a memorable one on this topic.  ::)


Offline entropy970

Re: PSA: Change all your passwords
« Reply #6 on: March 29, 2017, 01:51:15 AM »
Using www.passwordmeter.com (note, the connection is not secure, so don't type in your own password, only tests), the initial sequence yields 100%, while the 4 word sequence yields 25%.

From the entropy calculation:
log2[(10+26+26+33)^11] = 72.268...
Approximation: (2^72.268)/1000 ≈ 6.6*10^(13) days
-
-
log2[(171,476)^4] = 69.55

171,476 is the total number of words contained within the The Second Edition of the 20-volume Oxford English Dictionary.

The cartoon is indeed correct that if the entropy is as: 2^28, whereby (2^28)/1000 ≈ 3.1 days

However, I do not know how he/she arrived on such conclusion, and thus, I would only suggest that the attack algorithm is such that the entropy calculation from each character of the first sequence is not considered from 1/(10 + 26 + 26 + 33).

10 number of numbers
26 number of lowercase alphabetical letters
26 number of uppercase alphabetical letters
33 number of symbols





Offline entropy970

Re: PSA: Change all your passwords
« Reply #7 on: March 29, 2017, 01:53:40 AM »
CORRECTIONS:

The initial sequence yields 75%, sorry for my mistake.

Offline entropy970

Re: PSA: Change all your passwords
« Reply #8 on: March 29, 2017, 02:01:27 AM »
CORRECTIONS
I am very, very sorry, as I am unable to edit, and I do not want to mislead or confuse.

The reason why 1/171,476 is considered is because of dictionary attacks. So instead of considering the letters, I decided to consider the words as I believe was the author's intention. The cartoon is very unclear to me, as I do not understand the attack method, and am sorry for any potential confusions.

Offline AmberStarfire

  • Rogue Starlight ~ Writer of Things ~ This Is Who We Are ~ Scully to his Mulder
  • Dame
  • Carnite
  • *
  • Join Date: Aug 2008
  • Location: Curled up with a notebook in a quiet forest, writing.
  • Gender: Female
  • ❤ Snuggler of the Wyld and Hairy ❤
  • My Role Play Preferences
  • View My Rolls
  • Referrals: 1
Re: PSA: Change all your passwords
« Reply #9 on: April 08, 2017, 09:09:58 PM »
Or you could write it down in a notebook and guard it with your life. :D

I remember when I was studying web design a few years ago, we had some reason to be on this web site that had the most common passwords converted into MD5, and that was like the list of passwords you shouldn't use ever if you have common sense. Usually the annoying jumble of alphanumeric characters and symbols are a safe bet to use.


Offline Hunter

Re: PSA: Change all your passwords
« Reply #10 on: April 10, 2017, 11:43:07 PM »
You should regularly change all your passwords anyways, something that I do that at least once a year.   I'm also a big fan of using Ccleaner often and an updated anti-virus.