Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] KeePassX



On Tue, Jul 23, 2013 at 11:16:06PM -0400, Bill Horne wrote:
> Since my password isn't in a dictionary, and doesn't contain any common 
> substitutions that would allow for guessing, I'm not concerned about the 
> breach.

Dictionary attacks are kind of... passe. It's all password lists culled
from the numerous other cracked sites and targeted brute force GPU
cracking these days:

http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

But your basic strategy works okay provided you never reuse a password,
since you can't really ever know what the security on the other side of
a web page you didn't write looks like. Ubuntu salted and hashed their
passwords, but plenty of sites just store them in plaintext or use fast
hashing schemes like MD5 which are quick to brute force with a GPU
cracking tool.

-ben

--
if you can't annoy somebody, there's little point in writing.
                                              <kingsley amis>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org