Silk Road forums
Discussion => Security => Topic started by: DigitalAlch on June 26, 2011, 05:42 pm
-
Some of the simple passwords were cracked despite being encrypted and salted. Do NOT USE REAL WORDS IN YOUR PASS!
http://pastebin.com/NDm7XihA
DigitalAlch
-
I wouldn't say that. There's nothing wrong with using real words (unless there's a length limit), you just need to realize each dictionary word is only worth something like two random characters. So equinoxasthmatic is about as good as g1~S, i.e. not very good; both are too simple. Triple the length of either one and you've got a pretty good password. Or you can mix and match, which is even better. Of course this assumes the words are also random; needless to say, a meaningful phrase like fuckyou or letmein won't get you very far.
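
Added example, not part of the original thread: a rough estimator for the word-versus-random-character comparison in the reply above. It assumes words are picked at random from a 7776-word list and characters from the 95 printable ASCII symbols; the sample word list, both sizes and the guess rate are assumptions chosen for illustration.

```python
import math

# Assumptions (not from the thread): words are drawn uniformly from a
# 7776-word list and characters from the 95 printable ASCII symbols.
# SAMPLE_WORDS is a tiny constructed stand-in for an attacker's dictionary.
DICT_SIZE = 7776
CHARSET_SIZE = 95
SAMPLE_WORDS = {"equinox", "asthmatic", "letmein", "llama", "ocean", "boat"}

WORD_BITS = math.log2(DICT_SIZE)      # about 12.9 bits per random word
CHAR_BITS = math.log2(CHARSET_SIZE)   # about 6.6 bits per random character


def estimate_bits(password, words=SAMPLE_WORDS):
    """Cheapest description of the password as a mix of dictionary words
    and single random characters, found by dynamic programming."""
    n = len(password)
    lowered = password.lower()        # case is ignored when matching words
    best = [0.0] + [math.inf] * n     # best[i] = minimum bits for password[:i]
    for i in range(1, n + 1):
        # Option 1: the last symbol is a lone random character.
        best[i] = best[i - 1] + CHAR_BITS
        # Option 2: symbols j..i form a dictionary word.
        for j in range(i):
            if lowered[j:i] in words:
                best[i] = min(best[i], best[j] + WORD_BITS)
    return best[n]


def years_to_exhaust(bits, guesses_per_second=1e9):
    """Time to try the whole guess space at an assumed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    samples = ["equinoxasthmatic", "g1~S", "letmein",
               "equinoxasthmatic" * 3, "12Lbiton2baE$"]
    for pw in samples:
        bits = estimate_bits(pw)
        print(f"{pw[:24]!r:28} {bits:6.1f} bits  "
              f"{years_to_exhaust(bits):.3g} years")
```

The estimate only holds if the words or characters really were chosen at random; a common phrase that is itself in the attacker's list, such as letmein, costs a single dictionary entry.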
-
Or for another method use a sentence and make a mnemonic:
12 Llamas bathing in the ocean need 2 boats and EXTRA $ = 12Lbiton2baE$
Because this isn't simply dictionary based. They are comparing to other salted/encrypted pass. But yeah, substituting characters is also helpful.
Collaboration,
DigitalAlch
-
It looks like none of the passwords that were cracked had a capital letter or a special character.
-
Looks like Mt. Gox has been taking quite the beating recently.
I second the password hints above, while stressing the importance of using special characters. I've heard somewhere that if you have 128-bit encryption and you don't use capitals and special characters, you really aren't getting the fullest encryption. TrueCrypt recommends at least 20(?)-character long passwords made completely randomly.
Hope nobody here is affected by this! Cheers!