GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE

  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Anthony Collette :donor: / Loistava (anthonycollette@infosec.exchange)'s status on Tuesday, 09-May-2023 08:58:19 JST Anthony Collette :donor: / Loistava Anthony Collette :donor: / Loistava

    “DIGITAL GARLIC” SCARES AWAY HACKERS

    Time Management for Hackers

    Attackers don’t bother brute-forcing passwords that are long or passwords that contain special characters.

    Every one of us — hackers included — only have 24 hours in every day. So how do criminal hackers make the best use of their time when brute-forcing passwords?

    Microsoft researcher Ross Bevington analyzed the usernames and passwords hackers entered from over 25 million brute-force attacks.

    Here's the breakdown of 30 days' worth of attacks against passwords:

    ➡️ 6% attacked passwords over 10 characters in length.
    ➡️ 7% attacked passwords which included special characters.
    ➡️ 39% attacked passwords with numbers in them.
    ➡️ 0% attacked passwords with spaces.

    Hackers definitely *stayed away* from passwords which were longer (94% of the time), and they *didn't bother* spending much time cracking passwords which contained special characters (only 7% of the time).

    Probably because of the common use of numbers at the end of passwords, hackers definitely honed in on digits.

    But hackers *didn't even attempt* brute-forcing passwords with spaces, most likely because including spaces in passwords is still fairly uncommon.

    From the article written by Catalin Cimpanu:

    "The researchers' findings suggest that longer passwords that include special characters are most likely safe from the vast majority of brute-force attacks, as long as they haven't been leaked online and are part of attackers' brute-forcing dictionaries."

    Should we include special characters (including spaces) in our passwords?

    Here we have high-quality evidence collected by Microsoft at scale. It shows decisively that password length and the inclusion of special characters act like digital garlic, keeping the vampires and werewolves at bay — keeping the bad guys away from our online accounts.

    How do ordinary consumers get this “digital garlic” in an easy way? They use a Password Manager.

    https://therecord.media/attackers-dont-bother-brute-forcing-long-passwords-microsoft-engineer-says/

    #Passwords
    #PasswordManagers
    #ComplexPasswords
    #SpecialCharactersInPasswords
    #TimeManagementForHackers
    #DigitalGarlic
    #Microsoft

    In conversation Tuesday, 09-May-2023 08:58:19 JST from infosec.exchange permalink

    Attachments


    1. https://media.infosec.exchange/infosecmediaeu/media_attachments/files/110/136/027/822/298/556/original/54397dadbdcc52a1.png
    • Embed this notice
      Pi (pi@fosstodon.org)'s status on Tuesday, 09-May-2023 08:58:13 JST Pi Pi
      in reply to

      @AnthonyCollette
      Key takeaway: alway use ten spaces as password. SCNR :D

      In conversation Tuesday, 09-May-2023 08:58:13 JST permalink
      clacke likes this.
    • Embed this notice
      Brahn (brahn@hachyderm.io)'s status on Tuesday, 09-May-2023 08:58:22 JST Brahn Brahn
      in reply to

      @AnthonyCollette ah..

      "I analysed the credentials entered from over >25 million brute force attacks against SSH."

      I was missing something.

      In conversation Tuesday, 09-May-2023 08:58:22 JST permalink
      clacke likes this.
    • Embed this notice
      Brahn (brahn@hachyderm.io)'s status on Tuesday, 09-May-2023 08:58:23 JST Brahn Brahn
      in reply to

      @AnthonyCollette am I missing something? If I get hashed and or salted enc passwords, I don't know the length. That's kinda the point.
      I don't understand how these stats were concluded.

      In conversation Tuesday, 09-May-2023 08:58:23 JST permalink
    • Embed this notice
      Anthony Collette :donor: / Loistava (anthonycollette@infosec.exchange)'s status on Tuesday, 09-May-2023 08:58:24 JST Anthony Collette :donor: / Loistava Anthony Collette :donor: / Loistava
      in reply to
      • Brahn

      @Brahn Oh, awesome. Glad you found it.

      As non-tech folks, my partner and I immediately encountered a surprising variety of opinion related to issues that ordinary consumers encounter.

      So we tried very hard to look past all the opinions, and find some pieces of bedrock truth. Sort of looking for "dots" and finding ways to connect them. And thankfully there's the clear guidance from EFF, which any consumer can understand and apply.

      If you notice anything I post that doesn't make sense, or seems off, please don't hesitate to point it out.

      I'm not so much defending a point of view, as digging around looking for reliable bits of reality. Especially when those pieces of reality are actionable by ordinary consumers.

      In conversation Tuesday, 09-May-2023 08:58:24 JST permalink

      Attachments



      clacke likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.