Page 2 of 5

Re: who uses a 50 character password?

Posted: Sun Oct 10, 2010 11:59 pm
by Kim_Possible
Unknown Bliss wrote:Its talking about an encryption key for a hard drive partition.
I've never heard of an encryption key length being described as "50 characters." If he is using any of the publicly available encryption tools, then he is probably using AES which (IIRC) typically generates either a 192 or 256 bit key. The program probably accepts pass phrases up to 50 characters (most accept pass phrases of 64 characters).

It is also possible that the person writing the story didn't know what he was talking about. :)

Re: who uses a 50 character password?

Posted: Mon Oct 11, 2010 11:20 pm
by Daniel Exe
Kim_Possible wrote:I don't think the standard user account protection offered by operating systems would prove to be that difficult to bypass. My assumption is that the owner has used some sort of robust method of encryption to protect his data . . . or access to his entire operating system.
Rainbow tables. Windows wouldn't put up much of a fight.

TrueCrypt on the other hand, as you mentioned... well, good luck to that team lol

Re: who uses a 50 character password?

Posted: Tue Oct 12, 2010 2:18 am
by nuckfan15
Kim_Possible wrote:I'm guessing that he is using something like TrueCrypt to encrypt the entire disk/partition. If so, there is no easy "work around" for not having the pass phrase. I've had two laptops stolen in my life, both of which had fairly sensitive work-related data on them. I use TrueCrypt religiously (also, my pass phrase is 39 characters long ;) ).
I don't really understand why anybody would want to remember a 39 character password, nevermind type it every time.

Re: who uses a 50 character password?

Posted: Tue Oct 12, 2010 3:16 am
by Daniel Exe
To remember a 39 character string, it would have to be something..well..rememberable. Like a particular order or sequence of numbers, or perhaps even a sentence. So it's probably not even that strong of a password..but rather just long. Heck, I would guess it's a basic sequence/pattern of keys, like the row of numbers over and over again.

Re: who uses a 50 character password?

Posted: Tue Oct 12, 2010 4:45 am
by AdamR
Daniel Exe wrote:To remember a 39 character string, it would have to be something..well..rememberable. Like a particular order or sequence of numbers, or perhaps even a sentence. So it's probably not even that strong of a password..but rather just long. Heck, I would guess it's a basic sequence/pattern of keys, like the row of numbers over and over again.
Not necessarily. For example, my password here on phpBB.com is >30 random ASCII characters and I've memorized it. Granted, its the only one of my uber long passwords that I have memorized, but it can be done. :D

- Adam

Re: who uses a 50 character password?

Posted: Tue Oct 12, 2010 3:06 pm
by Daniel Exe
30+? lol If I didn't know better, I'd suspect you were paranoid of salted MD5 passwords

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 3:25 am
by Superwaffle
Daniel Exe wrote:To remember a 39 character string, it would have to be something..well..rememberable. Like a particular order or sequence of numbers, or perhaps even a sentence. So it's probably not even that strong of a password..but rather just long. Heck, I would guess it's a basic sequence/pattern of keys, like the row of numbers over and over again.
All of my passwords are alphanumeric; it's not hard to write a long password made up of digits that seem random to anyone but yourself. For example: B1o2R3a4T5r1O2c3K4s5. A 20 character password that would be nearly impossible to just guess, yet pretty easy to remember. All it's composed of are the words "Borat rocks" alternating capital letters, with the numbers 1, 2, 3, 4, and 5 in between each letter, then restarting for the next word. Just because it's easy to remember doesn't necessarily mean it's a weak password.

Also, what's the difference between an encrypted password and just a normal password?

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 3:46 am
by Daniel Exe
Just because it's easy to remember doesn't necessarily mean it's a weak password.
I never said the length made it weak. I meant that there had to be some sort of significance for it to be remembered. Length is definitely a huge factor in password strength, although not nearly as big of a contributor as using a combination of special characters. Ie: 7 chars alphanumeric is in not a strong password, and if it's not being hashed and stored with a salt, I'd be worried.

As for password and encryption, those are two different things altogether. Encryption is transforming data, using an algorithm, so that it cannot be read. A password (or in this case, key) can be used as credentials to decrypt that data though. I'm thinking maybe you're getting confused with hashing?

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 3:57 am
by tbackoff
Daniel Exe wrote:I meant that there had to be some sort of significance for it to be remembered.
Yes, but that doesn't make it weak. For example, my password here is something I can easily remember, but even if you've known me my whole life, you would never guess it. Just because it's easy-to-remember does not always mean it's weak.

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 6:28 am
by Daniel Exe
At a length of 50 characters though, I wouldn't exactly associate a string made of random chars as being easy to remember. Going back to my original point - I had wondered if it were perhaps something rather trivial such as a specific sequence or order of the keyboard. Having to type this in on boot would become a bit of a hassle otherwise. AdamR being an exception :P

In no way am I trying to argue that any password you can remember must be weak - which is perhaps the impression I've given you. Although for the average user, the fact that rememberable is associated with a dictionary word is rather unfortunate, but understandable.

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 8:05 am
by nuckfan15
Daniel Exe wrote:At a length of 50 characters though, I wouldn't exactly associate a string made of random chars as being easy to remember. Going back to my original point - I had wondered if it were perhaps something rather trivial such as a specific sequence or order of the keyboard. Having to type this in on boot would become a bit of a hassle otherwise. AdamR being an exception :P

In no way am I trying to argue that any password you can remember must be weak - which is perhaps the impression I've given you. Although for the average user, the fact that rememberable is associated with a dictionary word is rather unfortunate, but understandable.
This topic kind of motivated me to go ahead and change alot of my passwords. I realised using one password for everything isn't too smart, especially doing online banking. Given it is pretty random ( ex sis9wwiw98 ), but still dangerous.

They are all a minimum of 11 characters now and all different.

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 12:40 pm
by Kim_Possible
I have one really long password that I have memorized. It is ~40 characters long, and that is the password that was used to generate the 256 bit encryption key that was used to encrypt my entire hard drive (using AES). That password gets me into my hard drive and also loads my password manager (KeypassX). All of my other passwords for websites, programs, router, etc. are there. Each site/device/program gets its own password that is is (pseudo)randomly generated and as long and as "broad" as allowed.

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 3:35 pm
by Daniel Exe
Kim_Possible: Best practise, by far. What password manager do you use, if I may ask?

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 3:46 pm
by MichaelC
Daniel Exe wrote:Kim_Possible: Best practise, by far. What password manager do you use, if I may ask?
Kim_Possible wrote: my password manager (KeypassX)
KeypassX

Re: who uses a 50 character password?

Posted: Fri Oct 15, 2010 3:59 pm
by Daniel Exe
Missed that. :oops:

And I wonder if KeyPassX has any relation with KeePass.