
'Password rules are bullsh*t!' Stackoverflow Jeff's rage overflows

Trey Pattillo

War Games is fake...

A story from the mid-1980s.

I worked at a major manufacturer and we had a "mini-frame" for the whole place.

The mini talked to the main-frame over 500 miles away on dedicated lines.

Blow your user name and/or password 3 times (this was a daily limit) and you were deleted from the system.

I was on nights so we had to wait until 9am the next day for upper management to call the system people at the main frame to put us back.

You were not the only unhappy person, there was a chain of them.

Big Blue and good software design and security always overcome youth and vigor.

I tell people to get something like a verse from your favorite song, a favorite Bible verse, or something a comedian said, like "why do you have a hot water heater, you need a cold water heater". Get the point? You can remember that, and maybe do it for types of usage categories, like bank/finance/money: something about the money changers being in the temple, from the Sunday book of fables.

Example using a password that is hashed with a key then run through base64 conversion [don't lose your key if you want to reverse - yes you can]

pass phrase: why do you have a hot water heater, you need a cold water heater

becomes: 5a9dxv#Gxw=G5$q@*)+=xvt82vh_xw595v'Jxv9=*)#=4:H86(h`xvd=+("8*$q;3aI<xw595v'Jxv9=*)#=48ll

length: 88 > 30 low, 6 up, 20 numb, 26 top symbol, 6 other symbol

combinations: 4.32 E+173

Entropy: 576 Very Strong

PC/Web: 136.8 E+161 years

Tianhe-2/Botnet: 162.6 E+71 years

But the account is locked on the 3rd, maybe 10th, fail until the next day......hacker loses.

Remember the hacker, unlike War Games, does not know anything about the password, including the key and that it was base64 encoded.
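
The length, combinations and entropy figures in the comment above can be reproduced with a pool-size calculation, shown here as an added example (not the commenter's tool). It assumes a 94-character printable-ASCII pool and merges the two symbol classes; the result is an upper bound that treats every character as independently random, and the lockout arithmetic applies only to online guessing against the login.

```python
import math
import string

# The encoded value quoted in the comment (88 characters).
ENCODED = r"""5a9dxv#Gxw=G5$q@*)+=xvt82vh_xw595v'Jxv9=*)#=4:H86(h`xvd=+("8*$q;3aI<xw595v'Jxv9=*)#=48ll"""

# Assumed pool sizes: printable ASCII without the space character.
POOLS = {"lower": 26, "upper": 26, "digit": 10, "symbol": len(string.punctuation)}


def class_counts(s):
    """Count characters per class; anything not alphanumeric ASCII is a symbol."""
    counts = dict.fromkeys(POOLS, 0)
    for ch in s:
        if ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["symbol"] += 1
    return counts


def keyspace(s):
    """Pool size (sum of the classes present) raised to the string length."""
    pool = sum(POOLS[c] for c, n in class_counts(s).items() if n)
    return pool ** len(s)


def entropy_bits(s):
    """Bits needed to index the keyspace; an upper bound on real entropy."""
    return math.log2(keyspace(s))


def years_to_exhaust(space, attempts_per_day):
    """Worst-case whole years of online guessing under a daily lockout limit."""
    return space // (attempts_per_day * 365)


if __name__ == "__main__":
    print(class_counts(ENCODED))
    print(f"combinations: {float(keyspace(ENCODED)):.2e}")
    print(f"entropy: {int(entropy_bits(ENCODED))} bits")
    for limit in (3, 10):
        years = years_to_exhaust(keyspace(ENCODED), limit)
        print(f"{limit}/day lockout: {float(years):.1e} years")
    # Constructed contrast: 8 random lowercase letters under the same 3/day limit.
    print(f"8 lowercase, 3/day: {years_to_exhaust(26 ** 8, 3):,} years")
```
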
