How good is your password?
|
|
|
|
Forum Regular
Join Date: Nov 1999
Status:
Offline
|
|
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2001
Location: CO
Status:
Offline
|
|
Wow, that analyzer is pretty wicked - nice, dynamic response as you type along with a new candidate for a password...
But it sure requires a mess of different letters and numbers to get a rating above 60% (let alone 80%).
|
TOMBSTONE: "He's trashed his last preferences"
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Rochester, NY, USA
Status:
Offline
|
|
I don't have to test my password -- I know it's unbreakable.
It's the same password that I have on my luggage.
|
Member of the Stupid Brigade! (If you see Sponsored Links in any of my posts, please PM me!)
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 2000
Location: Amboy Navada, Canadia.
Status:
Offline
|
|
Well, I should try my passwords in there....I haven't used keychain partly because I distrust the whole "One password unlocks the rest" idea, but mainly because my non-admin user password is terrible anyway ;-)
I'll say almost all of my passwords are horrible here, maybe it'll spur me on to create better passwords....I've been cracking them all week as it is, defeating encryption on some old archives (my own, not to worry, just exploring the tools and getting some of my old files back as a bonus), and found that even 9 letter passwords are crackable within a week on a year old PC when it's all lowercase letters. I've been researching methods of making decent passwords and obfuscating them better, but I still haven't thought of a decent method to make up base passwords that aren't random characters or mentioned on the second link....any ideas?
edit: 19, 37, 55, 23, 36, 48, and a few others. One I just made up that I could remember is 210, but there's no way to modify it to make new passwords out of it. A second one got 270, but is "too simplistic or systematic" since it was an actual sentence. Hopefully whatever I make up will be >100, and hopefully no one installed a keylogger on my system ;-D
(Last edited by yukon; Sep 25, 2004 at 11:34 PM.)
|
This insanity brought to you by:
The French CBC, driving antenna users mad since 1937.
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Dec 2001
Location: Promised Land
Status:
Offline
|
|
My login pass is 36.2, while my PGP phrase is 130.6.
|
G5 2.5 DP/2GB RAM/NVidia 6800 Ultra
PowerBook Al 1Ghz/768MB RAM
6gb Blue iPod Mini
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Feb 2003
Location: NY²
Status:
Offline
|
|
Originally posted by dreilly1:
I don't have to test my password -- I know it's unbreakable.
It's the same password that I have on my luggage.
12345?
my password currently is a 36. i just created a 62 for myself.
(Last edited by mdc; Sep 25, 2004 at 11:54 PM.)
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Sep 2000
Status:
Offline
|
|
Originally posted by dreilly1:
I don't have to test my password -- I know it's unbreakable.
It's the same password that I have on my luggage.
"fragile"?
-r.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Dec 2002
Location: Silicon Valley
Status:
Offline
|
|
31.1.... mine is too short my life has been ruined....
|
Anyone who would letterspace blackletter would steal sheep. - Frederic Goudy
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2001
Location: Chico, CA and Carlsbad, CA.
Status:
Offline
|
|
51.7. I agree, cool keychain assistant. Cool thread.
|
"In Nomine Patris, Et Fili, Et Spiritus Sancti"
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2000
Location: Not Quite Phoenix
Status:
Offline
|
|
Nice discovery.
I know my password is horrible. I've used it too long and for too many different things. It'll probably take getting burned for me to change it.
Then again, seeing this thread might do the trick, too. It's time.
|
Jalen's dad. Carrie's husband. partisan. Bleu blanc et rouge.
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Mar 2004
Status:
Offline
|
|
Originally posted by DigitalEl:
Nice discovery.
I know my password is horrible. I've used it too long and for too many different things. It'll probably take getting burned for me to change it.
Then again, seeing this thread might do the trick, too. It's time.
same here
cool find.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
82.7 (it's a random 16 character alphanumeric string)
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Oct 2002
Status:
Offline
|
|
"My login pass is 36.2, while my PGP phrase is 130.6." gives 376.9
"passwordpasswordpassword1" gives 129.2
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Mar 2001
Location: CO
Status:
Offline
|
|
hmmmmmmmm...
Thanks for that last one, PER.
That casts some doubt on the assistant's algorithm - aren't most encryption-breaking processes going to pick through such repetitions quickly?
|
TOMBSTONE: "He's trashed his last preferences"
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally posted by Love Calm Quiet:
hmmmmmmmm...
Thanks for that last one, PER.
That casts some doubt on the assistant's algorithm - aren't most encryption-breaking processes going to pick through such repetitions quickly?
Actually, "�asdf�����������������������������" rates pretty highly, too.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2000
Status:
Offline
|
|
31. That tool is pretty neat.
While we're here, does anybody want to tell me how to stop the password prompt from appearing every reboot? I've searched here and can't find the answer. I've also buggered around in Keychain Access and can't figure it out.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Feb 2003
Location: NY²
Status:
Offline
|
|
password prompt every reboot? are you talking about the login screen?
if so, system preferences > accounts > login options > automatically login as:
if not, i apologize, and i have no idea which password prompt you are talking about. i don't get any. my keychain opens sans password.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Canada
Status:
Offline
|
|
If your login password is different from your keychain password, you'll need to unlock your keychain manually each time you login, and hence the password dialogue.
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: Nov 1999
Status:
Offline
|
|
The best way to check your password is with John The Ripper or some such brute force password cracking utility. What I thought was a pretty good password took John The Ripper about 35 minutes to crack and then Lepton's Crack finished the job in another 2 seconds. You'll quickly find that if someone has access to your computer, cracking the NTLM hash won't take too long. Because the NTLM hash is really two separate seven character passwords, your 10 character password is only one seven character password and one three character password. An eight character password is stored as one seven character password and one one character password. Take a look at these threads for instructions. I've only used John The Ripper and Lepton's Crack which were compiled from the source but I believe there are GUI versions of JTR available. The following links should get you started.
http://www.openwall.com/john/ -John The Ripper. Look towards the bottom for an OS X specific installer.
http://usuarios.lycos.es/reinob/ -Lepton's Crack. I had to redownload the Xcode 1.5 installer and custom install gcc 2.95.2. I then had to sudo gcc_select 2 in order to get lcrack to compile properly. Note that you don't perform an install. Just configure and make. Copy the lcrack app where you want it to go. In my case /usr/local/bin
http://freaky.staticusers.net/ugboar...834&highlight=
http://freaky.staticusers.net/ugboar...026&highlight=
http://freaky.staticusers.net/ugboar...336&highlight=
http://freaky.staticusers.net/ugboar...ic.php?t=10847
If you are cracking hashes from 10.3, this script will make using JTR and lcrack much easier. Just run the script on the hash and it will place the NTLM and SHA1 hashes in the proper format for each cracking app.
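#!/bin/bash
# ExtractHash 1.0
# Splits a 10.3 hash file into the line formats JTR and lcrack expect.
if [ $# -ne 1 ]; then
    echo "Usage:"
    echo "./ExtractHash name_of_hash_file"
    exit 1
fi
echo
the_file=$(basename "$1")
H=$(cat "$1")
# Characters 0-63 of the file, written out as two 32-character fields
echo "Username:${H:0:32}:${H:32:32}:Filename (possibly the GUID) $the_file" >> passwdNT4
# Characters 64-103 of the file: the 40-character SHA1 hash
echo "Username:${H:64:40}:Filename (possibly the GUID) $the_file" >> passwdSHA1
# Show each output file with duplicate lines removed
echo "File: passwdNT4"
sort -us passwdNT4
echo
echo "File: passwdSHA1"
sort -us passwdSHA1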
Once you have the NTLM version cracked, unless it's all caps, you'll need to crack the SHA1 password to see what is upper and what is lower case. No problem, use Lepton's Crack with regex that matches the NTLM and you'll have it cracked in seconds.
lcrack -m sha1 -xb+ -s 'a-zA-Z0-9!-/' -g '[Pp][Aa][Ss][Ss]#1' -l 6 sha1
In this example the password from john was PASS#1. Here's the breakdown. -m Mode is sha1. -xb+ Turns on the brute force mode, the + means to turn it on. -s is the character set to use. For example -s 'a-zA-Z0-9!-/' will try all the possible letters, numbers, and symbols in upper and lower case. -g '[Pp][Aa][Ss][Ss]#1' is a regex flag so it knows what to try and match. In this example, since we know what the password is but not the case of the letters, try each letter in upper and lower case. -l 6 is the length of the password, in this case 6 characters. sha1 is the name of the text file containing the username:hash combo to crack.
alpha = a-zA-Z
alpha-numeric = a-zA-Z0-9
alpha-numeric-symbol14 = a-zA-Z0-9!-/
alpha-space = a-zA-Z\x20
printable = \x20-~
all = \x00-\xff
If you're having problems, check the links provided earlier in the post.
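Added example (not part of the original post, and not code from John The Ripper or Lepton's Crack): the arithmetic behind the seven-character split and the case-recovery step described above. Uppercasing the password and hashing two 7-character halves independently is how the legacy LM hash behaves; the sample password is constructed, and the alphabet sizes are derived from the post's 'a-zA-Z0-9!-/' set.

```python
# Added illustration: why a hash that is split into independent, uppercased
# 7-character halves resists guessing far less than the full password would.
HALF = 7        # each half is hashed on its own
MAX_LEN = 14    # the legacy LM scheme considers at most 14 characters

# Alphabets sized from the post's "a-zA-Z0-9!-/" set ('!'..'/' is 15 symbols).
SYMBOLS = ord("/") - ord("!") + 1
FULL_ALPHABET = 26 + 26 + 10 + SYMBOLS      # case-sensitive: 77
FOLDED_ALPHABET = 26 + 10 + SYMBOLS         # after uppercasing: 51


def halves(password):
    """Pieces that can be attacked independently of one another."""
    folded = password.upper()[:MAX_LEN]
    return [folded[i:i + HALF] for i in range(0, len(folded), HALF)]


def split_guesses(password):
    """Worst-case guesses when every half is searched separately."""
    return sum(FOLDED_ALPHABET ** len(piece) for piece in halves(password))


def whole_guesses(password):
    """Worst-case guesses for the same length as one case-sensitive secret."""
    return FULL_ALPHABET ** len(password)


def case_candidates(cracked_upper):
    """Spellings left to test against the case-sensitive hash afterwards."""
    return 2 ** sum(ch.isalpha() for ch in cracked_upper)


def report(password):
    """Compare the split search space with the undivided one."""
    split, whole = split_guesses(password), whole_guesses(password)
    return {
        "halves": halves(password),
        "split_guesses": split,
        "whole_guesses": whole,
        "advantage": whole // split,
    }


if __name__ == "__main__":
    sample = "PassWord#1"   # constructed 10-character sample
    for key, value in report(sample).items():
        print(f"{key:>14}: {value}")
    print("case candidates for PASS#1:", case_candidates("PASS#1"))
```

The 16 case candidates for PASS#1 are exactly the spellings the '[Pp][Aa][Ss][Ss]#1' pattern in the lcrack command allows, which is why that second step finishes in seconds.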
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Mar 2000
Location: London, UK
Status:
Offline
|
|
Originally posted by uochris:
You'll quickly find that if someone has access to your computer, cracking the NTLM hash won't take too long.
I don't use Microsoft Windows NT LAN Manager for my authentication, and in fact I doubt practically anyone else here does.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
Status:
Offline
|
|
Originally posted by dreilly1:
I don't have to test my password -- I know it's unbreakable.
It's the same password that I have on my luggage.
He says it clearly, his pass is "unbreakable"
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: May 2003
Location: Cincinnati, Oh
Status:
Offline
|
|
i just changed my password. it now ranks 108.6. a nice upgrade from 26.1. of course, what does it even matter? after all, anyone with a Panther install disk can change the password.
|
20" iMac/2.4 C2D/4GB RAM/320 HD + ViewSonic VX2025WM
13" MBP/2.26 C2D/4GB RAM/250 HD
16 GB iPhone
|
|
|
|
|
|
|
|
Senior User
Join Date: Feb 2000
Location: Burlington, VT, USA
Status:
Offline
|
|
Originally posted by EdipisReks:
i just changed my password. it now ranks 108.6. a nice upgrade from 26.1. of course, what does it even matter? after all, anyone with a Panther install disk can change the password.
unless you password protect the open firmware.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Sep 2001
Status:
Offline
|
|
I got a 46.5. Meh, I'll stick with it.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2000
Status:
Offline
|
|
Originally posted by mdc:
password prompt every reboot? are you talking about the login screen?
if so, system preferences > accounts > login options > automatically login as:
if not, i apologize, and i have no idea which password prompt you are talking about. i don't get any. my keychain opens sans password.
Originally posted by dtriska:
If your login password is different from your keychain password, you'll need to unlock your keychain manually each time you login, and hence the password dialogue.
I'm using automatic login, but once my desktop appears there's a dialog box asking for my password. My login password and keychain password are the same. I can't quite remember which password it asks for. I'm sure it's the keychain, because Mail won't check for messages until I enter the password.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Aug 2004
Location: Outfield - #24
Status:
Offline
|
|
41.4 and it's NOT changing anytime soon.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2001
Location: Manchester,UK
Status:
Offline
|
|
Originally posted by manofsteal:
41.4 and it's NOT changing anytime soon.
Odd, mine got that too. And since it's a short number string and a word that is no longer connected with me in any way, I am also sticking.
|
|
|
|
|
|
|
|
|
Forum Regular
Join Date: May 2004
Status:
Offline
|
|
no joke, my password score is 111.8. It's quite a complex password...
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Jun 2002
Status:
Offline
|
|
my normal password is 43. My other - ultra-high security password - is 192(!). It's just that I have almost never found anything interesting enough to encrypt it so secure.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Oct 1999
Location: Always within bluetooth range
Status:
Offline
|
|
Originally posted by manofsteal:
41.4 and it's NOT changing anytime soon.
Yes, but if you have "Check for Rickey Henderson based passwords" checked ON, it will drop to 5.6
|
|
|
|
|
|
|
|
|
Photo Architect
Join Date: Jun 2003
Location: Bamberg, Germany
Status:
Offline
|
|
Lower is better right?
My score is too low to post here.
|
"Microsoft is a cross between the Borg and the Ferengi. Unfortunately, they use Borg to do their marketing and Ferengi to do their programming." Simon Slavin
Me on Flickr.
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Apr 2003
Location: The City Of Diamonds
Status:
Offline
|
|
I got 9.1 meh who cares. I'm not changing it, I already need to remember too many PINs and passwords.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Sep 2000
Location: Canada
Status:
Offline
|
|
Originally posted by bradoesch:
I'm using automatic login, but once my desktop appears there's a dialog box asking for my password. My login password and keychain password are the same. I can't quite remember which password it asks for. I'm sure it's the keychain, because Mail won't check for messages until I enter the password.
It's possible your keychain is damaged: http://docs.info.apple.com/article.html?artnum=151548
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: May 2001
Status:
Offline
|
|
Mine is 44% which I think is a joke. It has uppercase letters, lowercase letters, numbers and punctuation right through it. I can't see how that is no better than passwordpasswordpassword1.
|
|
|
|
|
|
|
|
|
Mac Enthusiast
Join Date: Mar 2004
Status:
Offline
|
|
Originally posted by Mediaman_12:
it's a short number string and a word
is there an underscore between the short number string and the word, Mediaman_12?
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Feb 2001
Location: Houston, Texas
Status:
Offline
|
|
53.6
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 2002
Location: Chicago, IL
Status:
Offline
|
|
71.5.
But a real cracking attempt would probably use a list of common English words as a dictionary for generating passwords, which the keychain app doesn't take into account. PER mentioned this I believe.
|
We need less Democrats and Republicans, and more people that think for themselves.
infinite expanse
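Added example, not part of any post and not Apple's algorithm (the thread never shows how the Keychain assistant computes its score): a naive length-times-alphabet meter beside one that charges for each dictionary word or repeated unit only once, which is the objection raised here and earlier in the thread about "passwordpasswordpassword1". The five-word list, the assumed 100,000-entry attacker dictionary and the random-looking sample string are constructed; the naive meter gives 129.2 for "passwordpasswordpassword1", the same figure PER reported.

```python
import itertools
import math
import string

# Constructed sample wordlist; a real audit would load a full cracking dictionary.
WORDS = {"password", "letmein", "dragon", "monkey", "fragile"}
# Assumption: the attacker's wordlist holds about 100,000 entries.
WORD_BITS = math.log2(100_000)


def alphabet_size(pw):
    """Size of the character classes the password draws from."""
    size = 0
    if any(c in string.ascii_lowercase for c in pw):
        size += 26
    if any(c in string.ascii_uppercase for c in pw):
        size += 26
    if any(c in string.digits for c in pw):
        size += 10
    if any(c in string.punctuation or c == " " for c in pw):
        size += 33
    return max(size, 1)


def naive_bits(pw):
    """Length times bits per character: blind to words and repetition."""
    return len(pw) * math.log2(alphabet_size(pw))


def tokenize(pw):
    """Split into (text, is_word) tokens, longest dictionary match first."""
    tokens, i, low = [], 0, pw.lower()
    while i < len(pw):
        word = max((w for w in WORDS if low.startswith(w, i)), key=len, default=None)
        tokens.append((word, True) if word else (pw[i], False))
        i += len(word) if word else 1
    return tokens


def pattern_aware_bits(pw):
    """Charge each word or character once; a run of n repeats adds log2(n)."""
    per_char = math.log2(alphabet_size(pw))
    bits = 0.0
    for (_, is_word), run in itertools.groupby(tokenize(pw)):
        bits += (WORD_BITS if is_word else per_char) + math.log2(len(list(run)))
    return bits


if __name__ == "__main__":
    # The second string is a constructed random-looking sample.
    for pw in ("passwordpasswordpassword1", "k7q2mz9x4tb8wc5h"):
        print(f"{pw:27} naive={naive_bits(pw):6.1f} aware={pattern_aware_bits(pw):6.1f}")
```

The repeated dictionary word drops from about 129 bits to about 23, while the 16-character random string scores the same under both meters because it contains nothing a wordlist or repeat rule can shortcut.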
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Jul 2001
Location: Sydney, Australia
Status:
Offline
|
|
Originally posted by [APi]TheMan:
51.7. I agree, cool keychain assistant. Cool thread.
****, mine also got 51.7 - I wonder if we have the same password
|
You can't eat all those hamburgers, you hear me you ridiculous man?
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Status:
Offline
|
|
abc123 has worked for me all these years, why change it now?
I'm actually only a 31, because of a "dictionary-based word" despite the fact that there's a random number along with that word. You've got to get into waaaay too many characters for me to remember before the thing gets to 100.
|
When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Originally posted by chris v:
abc123 has worked for me all these years, why change it now?
I'm actually only a 31, because of a "dictionary-based word" despite the fact that there's a random number along with that word. You've got to get into waaaay too many characters for me to remember before the thing gets to 100.
Read the second of the MacOS X hints linked in the original post to find out why that is a lie. It is exceedingly easy to generate long but easy to remember passwords.
As I authored the hint, don't be surprised that the lowest I score is around 93 and that many of my passwords score (far) better.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Dec 2003
Location: Los Angeles of the East
Status:
Offline
|
|
56.9, not too shabby I guess.
|
NOW YOU SEE ME! 2.4 MBP and 2.0 MBP (running ubuntu)
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Sep 2000
Location: London, UK
Status:
Offline
|
|
62. Considering most people round here have their passwords stuck on the front of their monitors, I think that's not too bad.
|
|
|
|
|
|
|
|
|
Senior User
Join Date: Jan 2003
Location: Stuttgart, Germany
Status:
Offline
|
|
The ultra-secret Spathi Cypher, which is known only by me and several billion other Spathi is `Huffi-Muffi-Guffi'.
Interestingly, it rates at a solid 109.0!
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2003
Status:
Offline
|
|
Originally posted by Webscreamer:
31.1.... mine is too short my life has been ruined....
mine also...and here I thought it was pretty decent.
Neat trick. Thanks for posting it.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2003
Location: ~/
Status:
Offline
|
|
41.something, though mine's an essentially random 6-character alphanumeric string with both upper and lowercase. Seems like a low score to me.
|
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jul 2002
Location: Youngsville, NC
Status:
Offline
|
|
Mine's a 31 and staying put, like another guy said, I have too many to remember as it is now.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Bump, given the justifiable "scare" surrounding the Opener script and what it has the potential to do if you were to stupidly install it...
All of you with a password scoring a derisory 40 or less should perhaps think again about that decision. Just how long would it take John the Ripper to crack it? It is exceedingly easy to generate long, hard to crack but simple to remember passwords. Do yourself a favour and think about doing so now.