The main thing is not to use the same password on different sites.
https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
How do you check strength?
http://forensics.ru/InFuWo.htm - parable 2.7 :)
There is a difference between a password (something checked by a limited gatekeeper) and an encryption key (something that can be attacked in parallel).
Passwords do not need to be so secure. Think of the ATM PIN. Sure, attackers might break into a web site and steal hashes, but if they have already broken into the protected web site, who cares if they can crack the hash? (Those who used that password elsewhere, that's who cares, and they are fools to reuse passwords. Sorry I just called nearly everyone fools.)
• Don't recycle passwords between sites.
• Design whatever password format you like, but use real random data to choose HOW it is filled out. (Doesn't matter whether it *seems* random enough to you, use something that *is* random.) Diceware or xkcd method are great!
• Don't sweat passwords being wildly complex, put that effort into encryption keys - they are what is hard to manage.
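As an added example (not the commenter's code), the arithmetic behind the password-versus-key distinction and the "use something that *is* random" advice: a Diceware-style pick from a word list using the OS CSPRNG, its entropy, and the expected guessing time under a rate-limited gatekeeper versus an offline attacker working a stolen hash list in parallel. The short word list and both guess rates are constructed assumptions.

```python
import math
import secrets

# Constructed mini word list standing in for a real Diceware list.
# Only the list size matters for the entropy arithmetic; the words are illustrative.
SAMPLE_WORDS = ["acorn", "basil", "cobalt", "dune", "ember", "fjord", "gable", "hazel"]
DICEWARE_LIST_SIZE = 7776  # 6**5: five dice rolls index the standard Diceware list

# Constructed rates: a gatekeeper that throttles to ~10 guesses/s,
# versus offline cracking of stolen hashes at 1e12 guesses/s.
ONLINE_GUESSES_PER_SECOND = 10.0
OFFLINE_GUESSES_PER_SECOND = 1e12


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols each chosen uniformly from `alphabet_size` options.

    Uniform choice is the whole point: a format that merely *looks* random to
    its author does not get this many bits.
    """
    return length * math.log2(alphabet_size)


def diceware_passphrase(words, count: int, sep: str = " ") -> str:
    """Pick `count` words with the OS CSPRNG (secrets), never random.random()."""
    return sep.join(secrets.choice(words) for _ in range(count))


def expected_years_to_guess(bits: float, guesses_per_second: float) -> float:
    """Average time to hit the right value: half the keyspace at the given rate."""
    seconds = (2.0 ** bits / 2.0) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def compare_threat_models(bits: float) -> dict:
    """Same secret, two attackers: the throttled gatekeeper vs. parallel offline cracking."""
    return {
        "online_years": expected_years_to_guess(bits, ONLINE_GUESSES_PER_SECOND),
        "offline_years": expected_years_to_guess(bits, OFFLINE_GUESSES_PER_SECOND),
    }


if __name__ == "__main__":
    pin_bits = entropy_bits(10, 4)                       # a 4-digit ATM PIN
    phrase_bits = entropy_bits(DICEWARE_LIST_SIZE, 6)    # a 6-word Diceware phrase
    print("sample phrase:", diceware_passphrase(SAMPLE_WORDS, 6))
    print("PIN    ", round(pin_bits, 1), "bits", compare_threat_models(pin_bits))
    print("phrase ", round(phrase_bits, 1), "bits", compare_threat_models(phrase_bits))
```

A four-digit PIN survives only because the ATM is a limited gatekeeper; once the same secret must resist the offline rate, the bit count has to do all the work.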
And in Russian, in two words?
Besides, it isn't necessary to use very complex passwords, but it is important to compose them from truly random data (not data that merely seems random enough).