I've heard this is not the case. Hackers using password compilers have just as much success with 26 character passwords as 10 character passwords.

The biggest impediment to password hackers (my IT techs have told me) is to not use any words or number strings you are familiar with - like a birthday of anyone in your family or a favorite vacation home address, or a car name etc... being that hackers can watch people online and profile your habits - and thus profile your passwords derived from your habits.

It depends on how the passwords are hashed. For Windows NTLM, 99% of the English keyspace is readily available in tables. For MD5, not so much. If the attacker doesn't have the hashes, then length becomes important, as do special characters; for instance, WiFi WPA wants 24 or more characters so the temporal key is rekeyed before a brute-force attack can be successful. The bottom line contains two things: don't use the same password for multiple things, and non-word long passwords certainly can't hurt your security, but short, dictionary and obvious patterns can.

Paul
 
I've heard this is not the case. Hackers using password compilers have just as much success with 26 character passwords as 10 character passwords.
While I agree you shouldn't use familiar info, this part is not true. A longer password is significantly harder to crack than a shorter one. Adding just one character in length can make a password infinitely harder to crack. Go to GRC's Password Haystacks and test passwords of various lengths to see the results.
 
While I agree you shouldn't use familiar info, this part is not true. A longer password is significantly harder to crack than a shorter one. Adding just one character in length can make a password infinitely harder to crack. Go to GRC's Password Haystacks and test passwords of various lengths to see the results.

It's partially true. Google "rainbow tables" for instance. A lot of MD5 and most NTLM hashes have been pre-computed. When I've had to help people get into Windows systems, my tables have never failed once, no matter how complex the password. If the attacker has access to the hashes, length only helps if the tables aren't complete AND you're lucky enough to pick a password without a shorter collision for its hash. Collisions kill ;)

Paul
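
Added example, not part of the thread: a defender's view of the two points argued above, namely how the exhaustive-search space grows with length, and why the storage scheme decides whether a precomputed table is reusable at all. The candidate list, function names and PBKDF2 parameters are assumptions for illustration; MD5 stands in for any unsalted fast hash.

```python
import hashlib
import hmac
import os

# Constructed sample candidates; a real precomputed table covers a whole keyspace.
CANDIDATES = ["Summer2012", "k7#Qz!p", "correct horse battery staple"]

def keyspace(charset_size: int, length: int) -> int:
    """Count of all passwords of length 1..length over the charset."""
    return sum(charset_size ** n for n in range(1, length + 1))

def store_unsalted(password: str) -> str:
    """Weak storage: same password always yields the same stored value."""
    return hashlib.md5(password.encode()).hexdigest()

def build_table(candidates):
    """Computed once, then reusable against every unsalted MD5 record."""
    return {store_unsalted(p): p for p in candidates}

def store_salted(password: str, salt: bytes = None, rounds: int = 100_000):
    """Hardened storage: per-record random salt plus a slow key-derivation function."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, digest

def verify_salted(password: str, record) -> bool:
    """Recompute with the record's own salt and compare in constant time."""
    salt, rounds, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    # Each extra character multiplies the search space by roughly the charset size.
    for length in (8, 10, 12):
        print(length, "chars over 95 printable ASCII:", keyspace(95, length))

    table = build_table(CANDIDATES)
    long_pw = "correct horse battery staple"
    # Length is irrelevant once the unsalted hash is already in a table.
    print("unsalted lookup:", table.get(store_unsalted(long_pw)))

    # Two accounts with the same password get unrelated records when salted,
    # so no single table keyed on the stored value can be prepared in advance.
    a, b = store_salted(long_pw), store_salted(long_pw)
    print("salted records equal:", a[2] == b[2])
    print("salted verify:", verify_salted(long_pw, a))
```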
 