Discussion Topic |
|
This thread has been locked |
burnin' vernon
climber
|
|
|
Topic Author's Reply - May 29, 2019 - 11:04pm PT
|
Good grief y'all are a bunch of whiners for supposed hard men!
Modern pass word cracker, crypto miners. Drag to have an account cracked. For those favoring convenience over safety, rest assured that I don't care about 'yer stuff all that much either. I do care about my infrastructure being abused because of lamer pass phrases.
Folks also tend to reuse same pass phrases at multiple sites. My forums reside in what I consider to be a well run cloud but what happens when/if some disgruntled employee, etc. breaches things at the hardware level and gains a copy of the pass phrase database? Modern crackers do billions of guesses per second. Likely? Maybe not. Possible? Certainly. Seasoned operator types are always trying to mitigate against such. Finding the optimal balance can pose a sticky wicket. To which end I'll reduce the character count to twelve. But I'd recommend more.
I don't do password expires so pick a good pass phrase and remember that phrase.
Last government stuff I did REFUSES to use pass words all together. Got to have SSH keys and/or S/MIME fobs. Oh, and all my keystrokes were logged, even the typos.
|
|
DonC
climber
Bishop and Redlands
|
|
|
May 30, 2019 - 07:37am PT
|
the password requirement for Redpoint is very simple and it takes about 2 min to create an account. Try four-factor authentication if you want to really be entertained.
Did anyone notice that this thread and many others were temporarily locked? For a few minutes there was a message "this thread is locked", then it went away. Testing for the lockdown obviously in process.
|
|
WBraun
climber
|
|
|
May 30, 2019 - 07:47am PT
|
Modern crackers do billions of guesses per second
You're dreaming.
These climber knuckleheads wouldn't be able to crack a simple 4 character password here.
Have you ever tried a password cracker yourself?
Obviously NOT as you would never have made such a bullsh!t claim (billions of guesses per second).
Don't respond as I don't want to hear any more of this bullsh!t ....
|
|
burnin' vernon
climber
|
|
|
Topic Author's Reply - May 30, 2019 - 08:05am PT
|
With all due respect, put up or shut up, Braun;
~127 GH/s NTLM= Benchmark cracking speed i.e. 127 billion cracks per second
~26 GH/s SHA1 = Benchmark cracking speed i.e. 26 billion cracks per second
~31 MH/s md5crypt = Benchmark cracking speed i.e. 31 million cracks per second
10,972,800 billion = NTLM cracks a day = 4 x GTX1070
Link to full article here:
https://www.netmux.com/blog/how-to-build-a-password-cracking-rig
I could, uh... flesh out that list with almost infinite more links but... must I??
I have had my hands it US Treasury servers. Things are far more secure there than the govt. sites you reference. I will concede that I may be a bit anal w.r.t. this stuff but I didn't consider single authentication via 12 character pass phrase requiring a mix of numbers, upper/lower case alpha, and a "special" character or two such as @ or *. Indeed, I considered this to be pretty lax at the time.
Big Company dot Coms have employees. A minority of which may do things they are not supposed to be doing. Public rarely hears about it because Big Co. is really good at "controlling the message". Indeed, they've got entire teams dedicated to such. But rest assured that this such has occurred at some very prominent sites as a bit of trawling search engines will reveal.
Sigh!! Gonna miss some of y'all. For years and years I saved Issue #1 of Rock & Ice.
P.S.; Yeah, just for fun a few years back I let a buddy turn his GPU cracker loose. I forget how long the pass phrase was then but I am sure it was in excess of twenty very mixed characters. I didn't even have time to finish my beer before it was cracked. My keys to the kingdom pass is _considerably_ longer these days.
P.P.S.; Increased concern from attacks like this are a prime motivator for many sites using two factor authorization. But I thought that a bit excessive for web forums.
|
|
L
climber
Just livin' the dream
|
|
|
May 30, 2019 - 09:21am PT
|
Modern crackers do billions of guesses per second.
My husband and I just had our BANK ACCOUNT hacked, and we both used very sophisticated passwords to try to avoid that fiasco. What we didn't do is change our passwords often enough, I guess, and the crackers got us.
So for all you Naysayers, Whiners, and General Curmudgeons, welcome to the 21st century......get a damn long password and get on with more important stuff, will you please.
|
|
John M
climber
|
|
|
May 30, 2019 - 09:27am PT
|
cept its a climbers forum. No national secrets. No bank accounts.
|
|
burnin' vernon
climber
|
|
|
Topic Author's Reply - May 30, 2019 - 09:42am PT
|
.... I do care about my infrastructure being abused because of lamer pass phrases....
'Nuff said fer' those who just don't quite get it yet....
Peace o/
|
|
Lynne Leichtfuss
Sport climber
moving thru
|
|
|
May 30, 2019 - 10:07am PT
|
burnin' vernon, they are just practicing for the new site. :))))) Keeping the Taco Seasoning alive. :)
|
|
looks easy from here
climber
Santa Cruzish
|
|
|
May 30, 2019 - 10:08am PT
|
Good grief y'all are a bunch of whiners How's your first day on the internet going? ;)
|
|
L
climber
Just livin' the dream
|
|
|
May 30, 2019 - 11:01am PT
|
How's your first day on the internet going? ;)
Now think about Chris and RJ putting up with this sort of stuff 50 times a day for 18 years...
Sheesh....they deserve an award and our humblest thanks, not castigation.
|
|
burnin' vernon
climber
|
|
|
Topic Author's Reply - May 30, 2019 - 11:23am PT
|
Seems no good deed will go unpunished hereabouts but for those challenged by strong pass phrases - you're brain has hooks to the most important and interesting stuff. Use 'em, e.g.;
1. What was your first piece of "pro"?
Coonyard#4Hex
That's 13 right there and likely minimally suffices? But I recommend taking it a bit further....
2) Early memorable route?
CosmicFrostyCone
3) Where would you rather be?
~~^^&__
Oceans, mountains, and deserts.
Season to tastes and you've got a very secure and highly memorable pass phrase. Too much to type? Shorten #2 to CFC so some such alternate permutation that sticks.
|
|
johntp
Trad climber
Punter, Little Rock
|
|
|
May 30, 2019 - 11:30am PT
|
Seems no good deed will go unpunished hereabouts
Well, there ya go. Yer coming up to speed.
|
|
neebee
Social climber
calif/texas
|
|
|
May 30, 2019 - 12:09pm PT
|
hey there, say, L...
as to your quote:
well said:
Now think about Chris and RJ putting up with this sort of stuff 50 times a day for 18 years...
Sheesh....they deserve an award and our humblest thanks, not castigation.
|
|
sempervirens
climber
|
|
|
May 30, 2019 - 05:24pm PT
|
I successfully established my user name and password. But I did not receive the confirmation e-mail. What should I do?
June first is almost here. And it could be several days before I'm able to make smart-ass remarks to all you people.
|
|
Lynne Leichtfuss
Sport climber
moving thru
|
|
|
May 30, 2019 - 05:32pm PT
|
sempervirens, I don't know if you actually get a "hello this is your confirmation". I didn't. When I gave them my email and then checked my email....I think that was it. They just needed you to click that it was indeed your email.
|
|
sempervirens
climber
|
|
|
May 30, 2019 - 07:11pm PT
|
Thanks L:ynne. I had forgotten to check my junk mail.
|
|
apogee
climber
Technically expert, safe belayer, can lead if easy
|
|
|
May 30, 2019 - 09:32pm PT
|
'cumulative'
|
|
WBraun
climber
|
|
|
May 30, 2019 - 09:40pm PT
|
TOTAL = $5001.31 for a st00pid budget cracking machine.
Someone gonna waste their time cracking a st00pid climber forum for this.
You really are insane .....
|
|
L
climber
Just livin' the dream
|
|
|
May 30, 2019 - 09:42pm PT
|
^^^^^Oops, looks like you got confused and posted to the wrong forum, apogee.
It might be nice if you let Toby know there's a spelling error....setting up a new forum in a short amount of time is bound to produce less than perfect results.
|
|
Minerals
Social climber
The Deli
|
|
|
May 30, 2019 - 10:10pm PT
|
Stakeholder is one word, unless that part of the forum is also set aside for those who deal with vampires...
“Hi, my name’s Buffy. I slay vampires.”
[Click to View YouTube Video]
Looks good, Ken and Toby.
|
|
|
SuperTopo on the Web
|
Let us know!