Posted by
Torsten.Fregin on
URL: http://confocal-microscopy-list.275.s1.nabble.com/Password-Strength-tp6673797p6680201.html
*****
To join, leave or search the confocal microscopy listserv, go to:
http://lists.umn.edu/cgi-bin/wa?A0=confocalmicroscopy
*****
Hi,
I think with a modern campus network we should not worry much about a
brute force attack from abroad. Most problems occur b/c users with
admin accounts just click on email attachments or visit obscure
internet webpages.
Some time ago I was truly astonished when I saw a demonstration of how
easy it is to break into a desktop PC running Windows OS when you have
real access to it and are able to boot from CD/DVD. In the web comic
this is also mentioned ("hash") - just read this page:
http://en.wikipedia.org/wiki/Rainbow_table
and maybe you want to try it yourself - just take a look at the
external links mentioned in the Wikipedia article. In Windows, your
password is divided into parts of 7 digits, and if you e.g. use 14
digits and only 0-9 and a-z/A-Z it takes about 1 minute to get your
password (depending on how fast your PC is booting and if your
installation is not secured against reading the files)...
What I do to be "safe":
I use other characters which are not used by the English language and
in the simple rainbow table versions.
The BIOS of my PC is password protected - so you cannot boot without
the password. The case is locked, too. And booting from CD/DVD/USB is
disabled in the BIOS. And I don't use an admin account (only when I
need to install software). I was thinking to use a virtual
environment, but so far I just tried it and did not switch yet.
Have fun!
:-) Torsten
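
The 7-character split mentioned in the post is how the legacy Windows LM hash scheme prepares a password before hashing. As an added example (not part of the original post), this Python sketch models only that preparation step and compares the number of candidates with and without the split; the function names are hypothetical, the DES step is left out, and only ASCII input is handled.

```python
import string

LM_MAX_LEN = 14  # passwords longer than this have no LM form
HALF_LEN = 7


def lm_halves(password):
    """Return the two 7-byte blocks LM hashes independently, or None if too long.

    Assumption: ASCII input only; the real scheme works in the OEM code page.
    """
    if len(password) > LM_MAX_LEN:
        return None
    raw = password.upper().encode("ascii")   # letter case is discarded
    raw = raw.ljust(LM_MAX_LEN, b"\x00")      # NUL-padded to 14 bytes
    return raw[:HALF_LEN], raw[HALF_LEN:]


def effective_alphabet(chars):
    """Distinct symbols that remain after upper-casing."""
    return {c.upper() for c in chars}


def search_space(length, chars):
    """Candidate counts: password taken as one unit vs. LM's two separate halves."""
    whole = len(set(chars)) ** length
    if length > LM_MAX_LEN:
        return {"whole": whole, "split": None}
    n = len(effective_alphabet(chars))
    first = n ** min(length, HALF_LEN)
    second = n ** max(length - HALF_LEN, 0)
    # The halves are independent, so their candidate counts add, not multiply.
    return {"whole": whole, "split": first + second}


if __name__ == "__main__":
    alnum = string.digits + string.ascii_letters
    print(lm_halves("Microscope2011"))  # constructed sample password
    for length in (8, 14, 15):
        print(length, search_space(length, alnum))
```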