Shotgun Posted January 28, 2005

> i use 12 characters, in which the words are in the dictionary. and no hacking as of yet.

You've just been lucky. I work in a university, and I can't indulge myself into that luxury. There's always some "smartie" who tries everything to get at the admin password or restricted areas. You name it: software keyloggers, HW keyloggers, cellphone cameras (taking video while someone is writing their pw or entering an access code in a keypad), the ol' looking over the shoulder trick, etc. Of course, most of those hackers-wannabe's are either suspended from the university, or dropped off after applying disciplinary action.

I use a biometric HW key for really critical things, and if I ever need to write a password @ a public use computer at the university, I change the pw immediately a few seconds afterwards. I've had my share on too many hacking attempts.

sonu27 Posted January 28, 2005

I would say 8.

choppa Posted March 30, 2005

> I use a biometric HW key for really critical things...

I assume that you're referring to biometric scanners which are hardwired (locked) and can't be manipulated (plugged in/unplugged). Because if they are movable, it only takes 5 seconds for someone with a hardware passthrough logger to record the communication details, and a bit of time to decode the encoding mechanism.

I should know, as it has happened around a place I frequent. Resulted in massive security overhaul.. biometric ID, RFID tags, and live guards at all key entrances.

Glowy Posted March 30, 2005

Depends what's the use for it.. my regular pwd is 6 but the pwd on my firewall is 16 characters... random characters.. took me a while to memorize too

TiXer Posted March 30, 2005

13 of course! My lucky number!

army20 Posted April 1, 2005

I have 6 characters for windows and 49 for PGP

Nilfred Posted April 3, 2005

Underlie hash strength bit length / 8 + 1

That is for 64 bit hash = 64 / 8 + 1 = 9 characters

No matter how long your password is there are only 2^64 possible hashes.

2^64 = 18446744073709551616

9 Alpha and numbers mixing case and repeating 9 of them are:
58 VR 9 = 58 ^ 9 = 7427658739644928

9 Full ASCII = 255 ^ 9 = 4558916353692287109375

SiMoNsAyS Posted April 3, 2005

9/10 characters long. you must use at least 2 ascii chars (and/or 2 capitals), 2 symbols and 2 numbers.

a password generator will take thousands of years to find it.

phoenix_nf Posted April 24, 2005

6 characters. that's the minimum they ask you while registering at websites.

godan Posted April 25, 2005

i think it depends on what the password is for, all i know is i hate when places require certain things, like you must have x amount of numbers bla bla bla. i like my pass to be whatever i want it to be, the last thing i need is another random password to remember just to log on to a message board or something, not that this one does that mind you..

Brando569 Posted May 22, 2005

if i remember correctly 7 is the magic number. if a password hash is detected that it has more than 7 characters it breaks the hash in half and 'cracks' it like that so it's speedier (it runs 2 smaller hashes at the same time instead of one large one)

myself i just use a password with ASCII characters, numbers and letters that's more than 7 characters. as of yet LC4 can't crack it (haven't tried 5), LC4 said it would take years to crack

Lost Soul Posted May 26, 2005

I'd say 8 for me, makes me feel a pinch safe sometimes lol

rikgale Posted May 26, 2005

8 is the way to go. Pick a word you like and replace all 'O's and 'L's with 1's and 0's.

Eonic Posted May 27, 2005

You should not use passwords, period. Use passphrases. L0phtcrack is kind of obsolete in tools used for enumerating passwords. As mentioned earlier rainbow tables is the latest and will munch through passwords in seconds, regardless of which alphanumeric characters you may have used. There are rainbow table forums where they have collectively collaborated on creating large sets of tables for LM (LanMan) passwords. LM hashing is used by Windows for passwords <15 characters. Passwords/phrases >15 characters are automatically stored with NTLM hashing which requires considerably larger rainbow tables (many, many GB) to be enumerated accurately. NTLM hash is of course not foolproof, but increases the security and your sense of safety.

If you still wish to use passwords <15 characters, at least turn off the use of the LM hash. This can be done in many ways, one of which is this (and all these changes require administrator privileges):

WinKey+R >> secpol.msc >> Local Policies >> Security Options

Then find: "Network Security: Do not store LAN Manager hash value on next password change"

It is set to "Disabled" by default, change it to "Enabled" and reboot. Change your password and voila, you're done.

You could also take a look at thrashlm from toolcrypt.org which removes the LM hash from the registry without a reboot. Link found here: http://www.toolcrypt.org/index.html?thrashlm

As for the plain registry hack for the registry addicts and unattended cd creators like myself out there, you can change this key/value:

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000000
"NoLmHash"=dword:00000000

Change To:

"LMCompatibilityLevel"=dword:00000003
"NoLmHash"=dword:00000001

Which changes the settings from both LM/NTLM to NTLM only. Just to clarify, disabling LM hash in this way will make the encrypted hash version of your password/phrase a lot safer from rainbow tables. It does _not_ make it safe to use short passwords from other cracking methods like brute forcing, so I still recommend you to not be lax with what type of password you have. At least this way you do not need a >15 character password to get NTLM security.

I hope this was helpful to someone at least, and in light of the Star Wars mood around now.. may the security be with you.

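Added example, not part of Eonic's post or of any tool named in it: a small Python audit that reads the text of a registry export and reports whether the two Lsa values from the post are at the levels the post sets. The function names, the thresholds table and the sample exports are constructed for illustration.

```python
import re

LSA_KEY = r"hkey_local_machine\system\currentcontrolset\control\lsa"
# Targets taken from the post: value name (lower-cased) -> minimum dword.
REQUIRED = {"nolmhash": 1, "lmcompatibilitylevel": 3}

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


def parse_lsa_dwords(reg_text):
    """Return {value_name_lower: int} for dword values directly under Lsa."""
    values, in_lsa = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            # Registry key and value names are case-insensitive.
            in_lsa = section.group(1).lower() == LSA_KEY
            continue
        entry = DWORD.match(line)
        if in_lsa and entry:
            values[entry.group(1).lower()] = int(entry.group(2), 16)
    return values


def audit_lm_settings(reg_text):
    """Return (value_name, finding) pairs for settings below the target."""
    found = parse_lsa_dwords(reg_text)
    findings = []
    for name, minimum in REQUIRED.items():
        if name not in found:
            findings.append((name, "not set, OS default applies"))
        elif found[name] < minimum:
            findings.append((name, f"is {found[name]}, expected >= {minimum}"))
    return findings


# Constructed sample exports (not taken from a real host).
WEAK = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa]
"LMCompatibilityLevel"=dword:00000000
"NoLmHash"=dword:00000000
'''
HARDENED = WEAK.replace("Level\"=dword:00000000", "Level\"=dword:00000003") \
               .replace("Hash\"=dword:00000000", "Hash\"=dword:00000001")

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_lm_settings(text) or "OK")
```

A value that is absent from the export is reported separately from a value that is present but too low, because the effective setting then depends on the Windows version's default.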
Blam-O! Posted June 30, 2005

A min of 6 including at least one number. But the more the better, usually anyways....