Skip to main content

A note of caution: Password Checking Sites.

  Recently, several people have sent me links to check the strength of my password like this: https://www.grc.com/haystack.htm. There is a saying today that if you are not paying for a product, you are the product. Since I haven't seen any independent organization that has audited the code of these sites to prove that they are not also collecting passwords, we must trust that they do not keep copies the entered passwords or their hashes. Either these sites all have a large amount of altruism, or they are creating the most precise rainbow tables [1] available on the market.  There's nothing like doing statistical analysis on a general rainbow table with real passwords to hone its accuracy. Placing blind trust in a 3rd party with one's passwords is never a good idea. I don't think any bank representative would recommend typing one's account password into an un-audited website to check its strength.
  If you run one of these sites and have had such an audit, please let send me a link to the audit and a link to the organization that did the audit. I will include them here.


[1] Rainbow tables are conveniently structured databases of known password information used for efficiently cracking passwords. http://en.wikipedia.org/wiki/Rainbow_table


keywords: hacking, cracking, passwords, security
Labels:

Comments

Post a Comment

Popular posts from this blog

Fixing SSH connection problems in EGit in Eclipse

Note: I posted a version of this on Stack Overflow. Errors can occur when there is an underlying SSH authentication issue, like having the wrong public key on the git remote server or if the git remote server changed its SSH host key. Often the an SSH error will appear as: " Invalid remote: origin: Invalid remote: origin" Eclipse will use the .ssh directory you specify in Preferences -> General -> Network Connections -> SSH2 for its ssh configuration. Set it "{your default user directory}.ssh\" . To fix things, first you need to determine which ssh client you are using for Git. This is stored in the GIT_SSH environmental variable. Right-click on "Computer" (Windows 7), then choose Properties -> Advanced System Settings -> Environment Variables. If GIT_SSH contains a path to plink.exe, you are using the PuTTY stack. To get your public key, open PuTTYgen.exe and then load your private key file (*.ppk). The listed public key sho...
Post a Comment
Read more

How the find the Active Directory Domain Controllers listed in DNS on Linux...

Assumptions: You have the "host" utility from BIND. You can do a zone transfer from the local DNS server Your Active Directory admins have properly configured DNS for Active Directory If you have the above, use the following command: host -t srv -l your.active.directory.dns.domain | grep _kerberos._tcp.*._sites.dc._msdcs.your.active.directory.dns.domain Replace your.active.directory.dns.domain with your actual AD DNS domain.
Post a Comment
Read more

How to fix this ssh error from a Cisco switch: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits

Problem ssh user@cisco_switch returns: ssh_rsa_verify: RSA modulus too small: 512 < minimum 768 bits key_verify failed for server_host_key Solution The modulus of the ssh RSA key pair on the switch is too small. If you have access, generate a new key pair on the switch with a larger modulus. Procedure Login with ssh protocol version 1 ( ssh space dash one ): ssh -1 user@cisco_switch (On the switch): enable (On the switch): Authenticate to "Privileged Exec Mode" mode on the switch. (On the switch): conf t (On the switch): crypto key generate rsa general-keys modulus 1024 (On the switch): Press enter to accept that the current key pair for the switch will be replaced. You now should be able to log into the switch with ssh protocol version 2.
Post a Comment
Read more