Password Security


Post by phreestyle » Tue Apr 16, 2013 4:11 am

Hi all,
While this bulletin board uses fairly strong password security, there have been instances in the past where phpBB (the application this board uses) has been hacked. This is also true for a lot of sites on the web, including big players like LinkedIn and Sony.

A good rule of thumb is to use a unique password on every site you use. That way if your password does get compromised it is only compromised in one place. Do not reuse passwords.

Also, don't use passwords that are related to your personal life, like your mother's maiden name or your birthdate. These are much easier for hackers and scammers to deduce via social engineering.

Anyway there is an excellent document here if you are interested in learning more.

Life's a journey. Enjoy the trip.

Re: Password Security

Post by w00 » Sun Apr 21, 2013 3:45 pm

Here's a trick I've used:

Base64-encode your password before using it.

Base64 encoders are available all over; I recommend the Unix-utils package, but there are surely web sites that will do it.

Here's how it works for me:

Code:
w00@woo:/tmp/crackedheads$ echo password
password


Okay, that's "password", echoed to the screen with a carriage return / line feed after.

Now, we're going to "pipe" the output (using the vertical bar "|" character) of the echo command into the base64 program (part of the basic Linux installation on my machine):

Code:
w00@woo:/tmp/crackedheads$ echo password|base64
cGFzc3dvcmQK


Now a simple password like "password", when encoded, becomes impervious to dictionary-attacks.


One more example, with 3 CR / LFs added to the string (carriage return / line feeds represented by \n and enclosed in quotes):

Code:
w00@woo:/tmp/crackedheads$ echo "password\n\n\n"|base64
cGFzc3dvcmRcblxuXG4K

Edited to say, using "password" as your password, even if encoded, isn't something I recommend of course. Just an example.

Last edited by w00 on Sun Apr 21, 2013 4:01 pm, edited 1 time in total.
Reason: Added to say, you should use something other than "password", even if encoded. Plus clarified echo and pipe.
Some drink from the fountain of knowledge, while others merely gargle.
--
There are 4 boxes to use in the defence of liberty:
1) soap, 2) ballot, 3) jury, 4) ammo.
Use in that order.
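
Added example, not part of either post: the commands from the post above, rerun with printf so the encoded bytes are the same in every shell, then decoded again to show which characters each string actually contains. Base64 is a keyless, reversible encoding; the function names and the second sample word are illustrative, and a GNU-style `base64 -d` is assumed.

```shell
#!/bin/sh
# Added example. "password" and "letmein" are sample inputs; function names are illustrative.
# printf is used instead of echo so the bytes are the same in every shell.

# What `echo password | base64` encodes: the word plus the newline echo appends.
encode_line() { printf '%s\n' "$1" | base64; }

# The word alone, with no trailing newline.
encode_exact() { printf '%s' "$1" | base64; }

# The word followed by three real newlines plus echo's own, four in total.
encode_with_newlines() { printf '%s\n\n\n\n' "$1" | base64; }

# Decode a base64 string and print its bytes as hex so newlines and
# backslashes are visible (assumes GNU-style `base64 -d`).
decoded_hex() { printf '%s' "$1" | base64 -d | od -An -tx1 | tr -d ' \n'; }

# Count distinct encodings of the given words. The mapping is fixed and
# one-to-one, so this always equals the number of distinct inputs.
distinct_encodings() {
    for word in "$@"; do encode_exact "$word"; done | sort -u | wc -l | tr -d ' '
}

encode_line password                  # cGFzc3dvcmQK  (matches the post)
encode_exact password                 # cGFzc3dvcmQ=
encode_with_newlines password         # cGFzc3dvcmQKCgoK
decoded_hex cGFzc3dvcmQK; echo        # 70617373776f72640a  ("password" + 0a)
# The third string from the post decodes to literal backslash-n pairs
# (5c 6e), not newline bytes, followed by echo's single newline:
decoded_hex cGFzc3dvcmRcblxuXG4K; echo   # 70617373776f72645c6e5c6e5c6e0a
distinct_encodings password letmein password   # 2
```

Whoever uses an encoded string as a password has to reproduce it byte for byte, so the trailing newline and the literal `\n` characters matter when regenerating it on another machine or shell.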