How to increase the security!

For discussions about security.

#46 Post by 01micko »

Barkin wrote: Just remembered Puppy can calculate MD5 via console (aka terminal) ... http://puppylinux.org/wikka/md5sum

http://www.puppylinuxfaq.org/how-to/20-linux-tips/44-copy-and-paste-to-terminal.html
Just two points I'd like to make here:

1. There is the chance of error when you put your text into a file and run md5sum. There can be no whitespace on the end of the string or carriage returns. If you produce it using "echo" you must use /bin/echo, that is, echo -n.

2. If you store that file then there isn't much point! An attacker could easily get hold of the file.
You can run md5sum from stdin like so:

# echo -n '5&kr&t'|md5sum
5622165cab4eb0217daa09f574bd3c3d  -

#47 Post by Barkin »

01micko wrote: 2. If you store that file then there isn't much point! An attacker could easily get hold of the file.
You can run md5sum from stdin like so:

# echo -n '5&kr&t'|md5sum
5622165cab4eb0217daa09f574bd3c3d  -
That was just to show the MD5 calculators were in agreement, I did say not to write down the salt 5&kr&t ...
Barkin wrote: ... the real passwords are MD5s of those words in quotes plus a secret string of characters I have committed to memory and never write down, e.g. 5&kr&t
It's the only thing you have to memorize to have an unlimited number of secure passwords.
BTW I use something longer than 5&kr&t as a salt: I use a 15 character string not in the dictionary.

So even if someone knows my list of dummy passwords and the method I've used they will still have to do a brute force attack on a 15 character unknown which could take some time ...
It would take a desktop PC about 157 billion years to crack your [15 character] password
http://howsecureismypassword.net/
Time Required to Exhaustively Search this [15 character] Password's Space:
Online Attack Scenario (Assuming one thousand guesses per second): 1.49 hundred thousand trillion centuries
Offline Fast Attack Scenario (Assuming one hundred billion guesses per second): 1.49 billion centuries
Massive Cracking Array Scenario (Assuming one hundred trillion guesses per second): 1.49 million centuries
Note that typical attacks will be online password guessing limited to, at most, a few hundred guesses per second.
https://www.grc.com/haystack.htm

The above times do not include the additional time taken to calculate the MD5 for each guess: MD5 (DummyPassword+BruteForceGuess).
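
Added example, not part of either post: a shell sketch of the MD5(dummy password + secret) derivation discussed in this thread, showing how a trailing newline or carriage return changes the digest. The function names are hypothetical, and the secret is read from stdin rather than typed into a command line that shell history would record.

```shell
#!/bin/sh
# Added example: function names and the sample strings in the test are constructed.

# MD5 of exactly the bytes in $1; printf '%s' appends nothing.
md5_exact() {
    printf '%s' "$1" | md5sum | cut -d' ' -f1
}

# MD5 of $1 plus a newline: what plain `echo` or a saved text file feeds md5sum.
md5_with_newline() {
    printf '%s\n' "$1" | md5sum | cut -d' ' -f1
}

# Print MD5(dummy password + secret). The dummy password is $1; the secret is
# read from stdin, so it is not typed on a command line that history records.
derive_password() (
    dummy=$1
    if [ -t 0 ]; then                 # interactive: prompt and hide typing
        printf 'Secret: ' >&2
        trap 'stty echo' EXIT         # restore echo even if interrupted
        stty -echo
    fi
    IFS= read -r secret || true       # tolerate input without a final newline
    [ -t 0 ] && printf '\n' >&2
    cr=$(printf '\r')
    secret=${secret%"$cr"}            # drop a carriage return from pasted input
    [ -n "$secret" ] || { echo 'empty secret' >&2; exit 1; }
    md5_exact "${dummy}${secret}"
)
```

Run `derive_password` with a dummy password as its only argument and type the secret at the prompt; the two `md5_*` helpers exist to compare digests when a result does not match another calculator.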
