PAASSSWWOOORRRDSSSS! What Is The Longest Password You Use??
MrDuckGuy

Joined: 31 Jan 2019
Posts: 116
Location: Hermosa Beach, CA, USA

Posted: Tue 12 Mar 2019, 12:38
Subject description: I Started Using Very Long Passwords ... Before I Was Making Simple And Easy To Remember Ones B'H

So here's the topic. For years I
sardonically disdained passwords, and
whenever I set a pin, it was "1234" or
"2468" or "1357" and whenever I set a
password it was "abcd1234," or "Abcd1234"
because for one, it was one password for
everything that was easy to remember, and
two, I didn't really (and still don't) think
that security is really all as crucial as
"they" would have "us" believe.

I, to this day, do not know anyone, who's
had an account stolen or identity used. I
have never had these issues ever myself. I
don't think it NEVER happens and of course
do not think it won't EVER happen. It does
of course. Also airliners crash. Also trains
collide. Also tidal waves happen. People are
struck by lightning. Life happens.

In short, I've never been in an airline
crash, a train collision, or been drowned by
a tidal wave. I've been in several
earthquakes, without a scratch. I don't
believe in luck, but the statistics don't
lie. For all the time we spend on security,
and for all the inconvenience we create with
our "need" for safety, my opinion? It's an
obvious symptom of paranoia. The profit from
keeping so "secure" is far outweighed by the
cost in time and loss of trust and many
other things, versus the gain in security that's
achieved. Life happens. You do not gain
enough security to make up for the drastic
losses incurred by the mistrust you gain, the
time you spend, and the inconvenience of
resetting all the passwords you forget, losing
hours of your life due to this.

By definition, I think a reasonable person
would say, that's paranoia. I wear a seat
belt. That's common sense, and it's a safety
issue. I lock up when I leave the house.
Being safe is one thing, but driving
yourself crazy over security is another. You
can build a 12 foot fence around your house
- and the neighbor's dog will never mess up
your yard and your activities won't be seen
- but the cost? You are now a hermit.

In any case, I recently discovered a website
https://passwordsgenerator.net which
takes you to a web based 'Secure Password
Generator'. You can custom generate your
password to include symbols, numbers, lower
case characters, uppercase characters,
exclude similar characters, exclude
"ambiguous" characters, and the length can
be anything from six to 2048 digits long.

I have been using it for a while. At first
I started using it to generate the shortest
password that the hosts would accept, but
recently? I've been generating the longest
passwords that the hosts would accept. Last
night I reset the password on my cable
company's website account to 32 characters.
My Wikipedia password is I think, 256
characters, and my modem's password is now
set to a combination of 63 numbers, capital
letters and lower case letters.

So, when on the telephone with the cable
company's tech support the tech suggested
that maybe my password was too short, and
was overwhelmed when I answered that it was
set to 32 characters. It's a "strong"
password.

It occurs to me, by that tech's reaction,
that most people are doing what I used to
do. Set the shortest password that the
system will accept.

So what's the longest and most complex
password that you, the Puppy forum gang,
use? Do you try to get away with the
shortest and simplest? Do you try to test
the limits with the longest and most
complex? What's the consensus?

As always, thanks in advance, Kelikaku B'H.

Last edited by MrDuckGuy on Tue 12 Mar 2019, 13:50; edited 3 times in total

perdido

Joined: 09 Dec 2013
Posts: 1430
Location: ¿Altair IV , Just north of Eeyore Junction.?

Posted: Tue 12 Mar 2019, 13:13

I just use the GTKHash Checksum utility in puppy.
Enter your easy to remember phrase
Take your pick of hashes and copy/paste

If you want to get crazy just do a hash of a hash.

MrDuckGuy

Joined: 31 Jan 2019
Posts: 116
Location: Hermosa Beach, CA, USA

Posted: Tue 12 Mar 2019, 13:55

perdido wrote:
... use the GTKHash Checksum utility ...
easy to remember phrase ...
your pick of hashes and copy/paste ...
Do you do the same for your login IDs? B'H.

perdido

Joined: 09 Dec 2013
Posts: 1430
Location: ¿Altair IV , Just north of Eeyore Junction.?

Posted: Tue 12 Mar 2019, 14:09

MrDuckGuy wrote:
perdido wrote:
... use the GTKHash Checksum utility ...
easy to remember phrase ...
your pick of hashes and copy/paste ...
Do you do the same for your login IDs? B'H.


Almost always except when the password requires characters not generated with GTKChecksum.

mikeslr

Joined: 16 Jun 2008
Posts: 3544
Location: 500 seconds from Sol

Posted: Tue 12 Mar 2019, 15:46

You want to keep your password secret, right! Else, why bother.
One of the most successful secrets I know about is Linear A. People, referred to as the Minoans, living on Crete several thousand years ago left two disks containing symbols, one referred to as Linear A, the other --dated closer to our current era-- Linear B. It's been established that Linear B was written in an early form of the Greek language; so we know, more-or-less, what information was recorded. But no one has conclusively established what information the disk written in Linear A conveyed. Cyrus H. Gordon effectively derailed his career by suggesting that Linear A was written in a Semitic language. [God forbid that earliest European Civilization was not Aryan]. Someone, whose name I've forgotten, has argued that it was written in Luwian. The Luwians lived on the Southwestern coast of what is today Turkey. The language they spoke, along with that of the Hittites, is known as Anatolian (old name for the Turkish Sub-continent). It appears to have been separated from Indo-European Languages roughly a couple thousand years before the split between the European Languages and the non-Dravidian Languages of the Indian Subcontinent. [?Noah's Flood /collapse of the land at what is now the Dardanelles Strait?]. The writer was evidently unaware or unconcerned with the connection of the Luwians to the Levites, the Tribe of Moses.

Whatever, the significant point is that in order to 'crack a code' you have to have a frame of reference and sufficient repetition of symbols to identify that frame of reference. Unless you're willing and able to make up your own language --one not based on any known language-- destroy all notes, including any indicating how you devised your language, and then die, the chances are that someone with a supercomputer will eventually 'crack your code'.

The most significant point of that is that unless you have a phenomenal memory, chances are that the more obscure and difficult your password is, the more you will have to rely on recording it someplace or with someone. Then the security of your password will depend on how secure your hiding place is, or what security provisions someone else has taken. There's a good chance that you're more likely to lock yourself out of the information than prevent a dedicated hacker with a supercomputer from accessing it.

There's a fairly easy way to create a password you can remember, but which according to on-line sources would take an inordinate amount of time to crack.

Q7h5U9w30y8h3 -- Think you can remember that? Well, I can't. But I can remember that it's what (without a separation between two words) will be typed if using a QWERTY keyboard I type Aunt Josephine but placed my fingers one level above 'the rest position'. Not that I use it or even have an Aunt Josephine. Pick your own favorite relative -- book title, or Biblical passage. Or move your fingers to the left, right or below 'the rest position'.

wiak

Joined: 11 Dec 2007
Posts: 1842
Location: not Bulgaria

Posted: Tue 12 Mar 2019, 16:48

mikeslr wrote:

There's a fairly easy way to create a password you can remember, but which according to on-line sources would take an inordinate amount of time to crack.


That's really a great idea mikeslr, except that you've published it and this wide audience could program even their slow computer to try that simple algorithm first in their password cracking program! I gather that the method was already well-published on the internet from what you say though. I have some methods I use too, but I'm not telling!

_________________
Tiny Linux Blog: http://www.tinylinux.info/
Check Firmware: www.murga-linux.com/puppy/viewtopic.php?p=1022797
tinycore/slitaz: http://www.murga-linux.com/puppy/viewtopic.php?p=990130#990130

8Geee

Joined: 12 May 2008
Posts: 2095
Location: N.E. USA

Posted: Tue 12 Mar 2019, 20:51

None less than 16 length for https sites.
_________________
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."

Flash
Official Dog Handler

Joined: 04 May 2005
Posts: 13391
Location: Arizona USA

Posted: Wed 13 Mar 2019, 01:16

Instead of passwords I use pass phrases. They're easier to remember and enter without making mistakes, and just as hard to crack. These days, most logins will allow spaces in the password.

p310don

Joined: 19 May 2009
Posts: 1433
Location: Brisbane, Australia

Posted: Wed 13 Mar 2019, 03:04

I'm not great with passwords. In fact I recently discovered that my wife and I have the exact same password, created independently of each other.

The biggest issue I have with long and/or intricate passwords is remembering them, especially if I am at a different terminal to usual.

But I have a solution to memory.

I use the same password for everything. With a caveat. Obviously if someone got my password for one thing, they'd have it for all if they are all the same. So, I use the same password, and then the name of the site.

For example, if I wanted to use ABCD1234, my password for here would be ABCD1234murga

I could lengthen that if I wanted to and put the full URL of the site, just because I once saw a video that suggested that the longer the password, the harder it is to crack.

Then it could be ABCD1234www.murga-linux.com/puppy 33 characters, and still easy enough to memorise.

wiak

Joined: 11 Dec 2007
Posts: 1842
Location: not Bulgaria

Posted: Wed 13 Mar 2019, 04:43

p310don wrote:
For example, if I wanted to use ABCD1234, my password for here would be ABCD1234murga


Okay, thanks, now we just need to brute force work out the first ABCD1234 bit you actually use as a superkey for everything, since we know what you then add that to that... I just hope you don't use p310don as your username for everything too. Best to keep everything secret IMO...!

p310don

Joined: 19 May 2009
Posts: 1433
Location: Brisbane, Australia

Posted: Wed 13 Mar 2019, 06:49

Quote:
now we just need to brute force work out the first ABCD1234 bit


As a non-hacker / cracker type, I'd be curious to know how easy or hard it would be to crack a password. I tried using aircrack to crack a wifi password once, but gave up after 24 hours with no result.

I'd be happy to make a challenge. Give me a site I have to sign up to, I'll create a unique password, using this username, and then see if someone can crack it.

nic007

Joined: 13 Nov 2011
Posts: 3196
Location: Cradle of Humankind

Posted: Wed 13 Mar 2019, 10:46

When I visit Facebook, I'm logged in as another user already. Who hijacked whose login?

wiak

Joined: 11 Dec 2007
Posts: 1842
Location: not Bulgaria

Posted: Wed 13 Mar 2019, 10:52

p310don wrote:
Quote:
now we just need to brute force work out the first ABCD1234 bit


As a non-hacker / cracker type, I'd be curious to know how easy or hard it would be to crack a password. I tried using aircrack to crack a wifi password once, but gave up after 24 hours with no result.

I'd be happy to make a challenge. Give me a site I have to sign up to, I'll create a unique password, using this username, and then see if someone can crack it.


I'm not a 'cracker' type either, so I wouldn't know the state of that art. I do know that, a long time ago when computers were less powerful, I once worked in a research group and used a simple password, Honda123. I was shocked to find my password was brute force cracked in a matter of hours (maybe minutes) by someone else in the group, who did so to warn me to use a stronger password. Of course Honda123 is a pretty simple password to crack since it uses a real name followed by three single numbers. I would say that the less a cracker knows about how your password is created, the better, since more efficient cracking algorithms could certainly be developed on the basis of what is known.

belham2

Joined: 15 Aug 2016
Posts: 1707

Posted: Wed 13 Mar 2019, 11:48

Here's an example of what I do (a simple script):

The example is I need a 72-bit password (12 length, 6 bits per character):

Code:

#!/bin/sh

dd if=/dev/urandom count=1 2>/dev/null | base64 | head -1 | cut -c4-15


If you need a longer password, just change the "15" to "19", which gives you a 16 length password. Or, to "23", which gives you a 20-length password.

This method uses all characters and special symbols on a keyboard of a laptop or desktop computer (and transfer what you need to phones, tablets, etc). Sometimes I feel like using my bio-computer (aka: brain) and randomly adding a few more special characters into the password, like <*^->...etc. After a few beers, my bio-computer is extremely agile at creating randomness.

I also use this (above) method for all login names where I am permitted (most sites I now use no longer require use of the email as the login, so, I utilize the above script for the login also---sometimes creating a way longer egg-scramble than what they allow (in terms of length) in the password box).

My last line of defense is I create unique logins and passwords for every site I frequent. Lastly, I use Yubikey everywhere I can, especially email & other sites I frequent. No excuse not to.


Now, I know you're thinking, "how in he!! does he remember/keep track of all that craziness...." well, for stuff I don't care about, it all goes into things like 1password or Keepass.

For things I care extremely about, about 2 years ago I returned to pencil & paper, while also following rules like never accessing important sites and/or sensitive stuff outside of my own home network (a network which I tend to trust a lot more since I administer & monitor it & its equipment quite zealously).

Still, we all have to admit, against determined hackers, if they've decided they are coming after you, eventually they are going to find a way in.

So all you can do is things like randomizing (changing frequently) logins & passwords, making sure alert monitoring systems are set-up on your important sites (banks, insurance, etc) and making sure your "alert" contact email goes to a secured email (hence, the Yubikey mentioned above). Lastly, get to know your router, fall in love with it, make love to it, lol, or even better, build your own and, while you're at it, build & also run your own DNS server.

Otherwise, you just continue to hope, and as Musher likes to say, stop thinking you're going to be hit on the head with a meteor every time you open the door, lol. In other words, keep going, but always remember & act like being compromised is just a second away if you get stupid careless. This site (murga) is a perfect example of making yourself follow this philosophy---though I know no one likes to talk about it. But if we don't admit we have a unique silo of missiles here on murga, then we are only fooling ourselves.
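
A length-parameterised take on the one-liner above, as an added example that is not part of belham2's post. The helper names `genpw_b64`, `genpw_set` and `only_from` are hypothetical, and the symbol set passed to `genpw_set` is a constructed sample.

```shell
#!/bin/sh
# Added example: length-parameterised variants of the /dev/urandom one-liner.

# LEN characters from the base64 alphabet (A-Z a-z 0-9 + /), 6 bits each.
# LEN random bytes always encode to at least LEN base64 characters. Newlines
# and '=' padding are stripped, so lengths beyond one 76-column line work too.
genpw_b64() {
    len=${1:-12}
    head -c "$len" /dev/urandom | base64 | tr -d '\n=' | cut -c1-"$len"
}

# LEN characters drawn from a caller-chosen tr-style set, for sites that
# require symbols outside the base64 alphabet. tr discards every byte that is
# not in the set, so the bytes that remain are uniform over the set.
genpw_set() {
    len=$1
    set_chars=$2
    LC_ALL=C tr -dc "$set_chars" < /dev/urandom 2>/dev/null | head -c "$len"
}

# Succeeds only if every character of STR ($1) belongs to the tr-style SET ($2).
# Useful for checking a generated value against a site's allowed characters.
only_from() {
    [ -z "$(printf '%s' "$1" | LC_ALL=C tr -d "$2")" ]
}

# Demonstration. Output differs on every run.
echo "12 chars, base64 alphabet: $(genpw_b64 12)"
echo "20 chars, base64 alphabet: $(genpw_b64 20)"
echo "16 chars, sample symbols:  $(genpw_set 16 'A-Za-z0-9!@#%^&*')"
```
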

MrDuckGuy

Joined: 31 Jan 2019
Posts: 116
Location: Hermosa Beach, CA, USA

Posted: Wed 13 Mar 2019, 13:06

perdido wrote:
... use the GTKHash Checksum utility ...
your easy to remember phrase ... pick of
hashes and copy/paste ...
I just used this suggestion to reset the
username and the password on my new modem.

Since the modem only would accept
15 characters as maximum for both, username
and its password, I took the one "hash,"
shortest output of 32 characters and split
it up into two sets of 15, and a remainder
of two. I took the first set as the username,
and the second set is now the password.

Thanks!! B'H.

PS: as far as "crack-ability" I think a real
cryptologist wouldn't have too much trouble
with these, as there are mostly numbers and
only a few letters, all lower case, and only
a combination of four alphabetic characters
with the rest numbers. Also, the letters are
repeated, among the four, so in the first
sequence, I really only have two letters
that are repeated in a list of numbers. In
the second sequence I have three letters,
with one repeated. I'm given to understand
this makes a code less resistant to being
solved.

The website, if you're restricting it to 32
lower case letters and numbers, gave me this
output:

64wzhdrztsvhjajxuamtz326pe6tphk6

Mostly alphabetic characters, which contain
much more variety than simple numeric
characters, being that there are 26 letters
and only 10 numbers. If I'd have taken this
code for my modem, I would have ended up
with:

64wzhdrztsvhjaj & xuamtz326pe6tph
+ remainder k6

The username in the first block has only two
numbers and the rest letters, while the
password has four numbers and the rest
letters.

I'm actually not running a spy ring, so I'm
pretty certain that my modem settings are
going to be safe, in any case, just by using
the GTKHash Checksum.

The advantage of your "code" is that the
cipher for it is readily accessible, and
repeatable, while the website with the
'Strong Random Password Generator' has no
"key" and will be of no use to regenerate
the same password. That's possibly an
important and useful advantage, also it
makes it less necessary to save a long
complex password, since all you have to do
is know the "cipher," if it should become an
issue to reconstitute your coded information.

Again thanks for the tip. B'H.
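
The hash-and-split scheme from this post worked through in shell, as an added example that is not the poster's own code. It assumes MD5 as the 32-character digest and that the phrase is hashed without a trailing newline; the function names and the sample phrase are constructed.

```shell
#!/bin/sh
# Added example: phrase -> MD5 hex -> 15/15/2 split, plus search-space bounds.

# Hex digest of the phrase exactly as typed (assumption: no trailing newline).
derive_md5() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# Split a 32-character string into username, password and unused remainder.
split_user() { printf '%s' "$1" | cut -c1-15; }
split_pass() { printf '%s' "$1" | cut -c16-30; }
split_rest() { printf '%s' "$1" | cut -c31-32; }

# Upper bound in bits for LEN characters drawn uniformly from ALPHABET symbols.
# It is only an upper bound: it is reached when every character is random.
max_bits() {
    awk -v n="$1" -v a="$2" 'BEGIN { printf "%.1f\n", n * log(a) / log(2) }'
}

# Number of distinct characters that actually occur in a string.
distinct_chars() {
    printf '%s' "$1" | fold -w1 | sort -u | wc -l | tr -d ' '
}

phrase='my easy to remember phrase'   # constructed sample input
digest=$(derive_md5 "$phrase")

echo "digest:   $digest"
echo "username: $(split_user "$digest")"
echo "password: $(split_pass "$digest")"
echo "unused:   $(split_rest "$digest")"
echo "distinct characters in digest: $(distinct_chars "$digest") (hex allows 16)"

# Per-character comparison raised in the post: hex digits versus a-z plus 0-9.
echo "15 hex characters, at most:    $(max_bits 15 16) bits"
echo "15 characters of a-z0-9:       $(max_bits 15 36) bits"

# The digest is a pure function of the phrase: hashing the same phrase again
# reproduces both fields, so they are only as hard to guess as the phrase.
[ "$(derive_md5 "$phrase")" = "$digest" ] && echo "same phrase, same digest"
```

The bit counts are ceilings for randomly chosen characters; both derived fields are fully determined by the phrase, so the phrase itself sets the real strength.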