Security Adviser | Roger A. Grimes » Comments to my password contest column

November 13, 2006 | Comments: (0)

Comments to my password contest column

TAGS: None

Readers write in about my password contest column
--------------
From: Bacchu, Anjan
Sent: Friday, November 10, 2006 9:15 PM

Hi roger,

Nice to know that your challenge was taken and [someone] succeed[ed].

"No one has cracked the two larger challenges as of press time, although I know there are several hundred computer teams -- one with over 1,000 computers --working on the challenges."

Sometime in the future, for those who cannot afford to have their own 1000 computer nodes OR use cracked machines on the 'net, the Amazon EC2 might be a good resort. Keep adding more machines till the problem is solved!

Can your 10 char password cracker tell you his methodology ?
Thank you,
BR,
~A
-------------
Roger's reply:

Tony used Linux-based John the Ripper on two machines with a custom john.ini
file.
-----------
Hi Roger,

Chunking is the key to a good password, in my humble opinion. String together a few obscure "chunks" of 4 to 7 characters-things like acronyms, numbers or misspelled words-and you can create devilish passwords that are not all that hard to remember. I routinely carry in my head at least four passwords of 16 characters or longer. I feel pretty safe from getting guessed.

MJH
------------

Posted by Roger Grimes on November 13, 2006 05:17 PM

RATE THIS ARTICLE: