forwardone
06-02-04, 08:05 AM
In an effort to help prevent E-gold hacking I thought I would post part of an article I read very recently.
Quote:
The E-g0ld account that we had h@cked had a passphrase made up of exactly 10 characters and a number, which is currently the maximum length the software can cr@ck in a reasonable timescale. However, each extra letter or digit increases the time to cr@ck the passphrase from hours to days, to weeks/months/years, which means the longer the passphrase the harder it is to crack, increasing geometrically with each character added.
Ok, what's the moral of the story?
1) Increase the length of your passphrases to randomly generated alphanumeric characters of length 11 or more.
2) Include punctuation characters in your passphrase as the h@cking software currently doesn't look for these characters, as this would increase the time to find standard passphrases significantly and therefore h@ckers will look for simpler codes to cr@ck instead.
3) In the future the software will no doubt be updated to look for passphrases of length 11+ and will include punctuation characters.
However, what are on your side as the E-g0ld user are the real-world bandwidth limitations, which would take current algorithms nearly 100 years to break passphrases of length 15. We would therefore recommend passphrases of length 16 or more, including punctuation, and your E-g0ld should be safe from cr@cking software in this lifetime!
Please note the following: -
1) Longer passphrases are harder to remember and have the consequence that they are easily forgotten and often are required to be written down, which introduces new security issues, but at least you are being proactive and not just waiting for an accident to happen!
2) You are still very much required to take reasonable security precautions, such as use of up-to-date firewalls and anti-virus software to prevent viruses/h@ckers compromising your computer in order to gain your E-g0ld passphrase.
------------------------------------------------------------------------------------
Some interesting points there, I think. =D>
Geoff
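The geometric growth the quoted article describes, together with a generator for the kind of 16-character passphrase it recommends, as an added example that is not part of the original post. The guess rate of 1000 per second is an assumed figure for illustration, not one taken from the article, and all function names are hypothetical.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # 62 symbols
ALNUM_PUNCT = ALNUM + string.punctuation       # 94 symbols
CLASSES = (string.ascii_letters, string.digits, string.punctuation)

def generate(length=16, alphabet=ALNUM_PUNCT):
    """Draw a passphrase from the OS CSPRNG. Every character class present in
    the alphabet must appear at least once; candidates that miss one are
    redrawn, which trims the keyspace only marginally at this length."""
    required = [cls for cls in CLASSES if set(cls) & set(alphabet)]
    if length < len(required):
        raise ValueError("length too short for the required character classes")
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in required):
            return candidate

def keyspace(length, alphabet_size):
    """Number of distinct passphrases of exactly this length."""
    return alphabet_size ** length

def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random passphrase, in bits."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    seconds = keyspace(length, alphabet_size) / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def growth_table(guesses_per_second, lengths=range(10, 17)):
    """Rows of (length, years for alphanumeric, years with punctuation)."""
    return [(n,
             years_to_exhaust(n, len(ALNUM), guesses_per_second),
             years_to_exhaust(n, len(ALNUM_PUNCT), guesses_per_second))
            for n in lengths]

if __name__ == "__main__":
    RATE = 1000  # assumed guesses per second against an online login
    print("len  alnum (years)   alnum+punct (years)")
    for n, alnum_years, punct_years in growth_table(RATE):
        print(f"{n:3d}  {alnum_years:14.3e}  {punct_years:14.3e}")
    pw = generate(16)
    print(f"sample: {pw}  ({entropy_bits(16, len(ALNUM_PUNCT)):.1f} bits)")
```

Each added character multiplies the search time by the alphabet size (62 or 94 here), which is the "geometric" increase the article refers to.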