0 thoughts on “Trouble in password land, again?”

  1. Check out Steve Gibson's password haystacks: https://www.grc.com/haystack.htm

     The basic premise is that you want the bad guys to have to check the full complement of characters (upper/lower/number/symbol), and you want to make it long. But it can certainly contain dictionary words.

     Remember, until the bad guy *actually* figures it out, he doesn't know anything, including the length of an ill-gotten hashed password from a compromised password DB. So while you may know it contains dictionary words, the bad guys do not. Nor do they know you've connected them with dashes, or that you've padded the end of it with "12345".

     Check out that link to evaluate how hard a brute force attack on your passwords will be.


  2. Yes, but… Does good old Steve Gibson's website know of the latest black hat hacking tool that I referenced in my original post?
