Sunday, May 4, 2014



Today we are pleased to introduce the beta version of the authorization service TM ID. For a long time TM has supported and developed several closely related IT resources: Habrahabr, Brainstorage, Freelansim, Hantim, Toster. For convenience of use, we have created a single authorization center, which lets you use one account (TM ID) for the above-mentioned projects. Currently TM ID supports login to only two projects, "Habrahabr" and "Toster". In the future, authorization through the service will be added to other projects. If you already have a "Habrahabr" account, you do not need to create a new TM ID: just go to the authorization center and use the e-mail and password from "Habra". For convenience, you can bind accounts in social networks to your account. "Toster. Reincarnation"
UPD: Brainstorage now works through TM ID.
And I could not even log in with my email. Tried to log in: it says not registered. Tried to create an account: a user with this email is already registered. Then I just thought of going in through Google.
And I could not remember the address at which I acc ..)) ...
Yes, it was necessary to update the paper on the refrigerator.
The fact is that some Habra users had simple passwords that were set a long time ago, when there were no strict security requirements. On TM ID there are such requirements: if the password is short, you are offered to replace it :)

A 20-character password is too simple? :)
Suppose my password contained 17 words (not including prepositions and interjections). Average word length: 5 characters (I'm lazy and did not want to). How much weaker is my current 8-character password? I have a vague feeling that it is several orders of magnitude weaker.
I was only speaking about the current example. Naturally, 17 words are more secure than 8 characters. Although it is generally a somewhat useless argument, in my opinion. I have not come across anyone brute-forcing a password. More often they just get it through some deception, or try a brute force of the form admin / admin, admin / password and then drop the matter. It is easier to use some other way, apparently.
They regularly brute-force ssh, ftp, pop3, smtp; the admin panels of popular engines (joomla, wordpress). So if you have not seen it, that does not mean it is not there. Moreover, you may not be aware that you are being brute-forced if you have no access to the logs or are too lazy to look into them.
That is what I mean by "try a brute force of the form ...". In the logs I constantly notice that someone is actively breaking into the admin panel. The ban-ip-list in htaccess has already passed 30 addresses. I just cannot call it brute force. I do not believe that anyone there goes through it character by character. Rather, they just run a dictionary of the most frequent passwords like "admin", "123456" and so on.
So it is necessary to set a bait that responds to these passwords, and inside it a recursive virtual directory tree with millions of files-takes, and maybe even ghost files with noise generated on the fly. Though you can leave the tree plausible and replace the contents on the fly. Writing a couple of files to download and gun ban list. The next time will be added to the exceptions for scanning. In the end, hack resource that does not resist not interested, poke and restrained. And the most stubborn collect garbage collection itself.
Of course, everything depends on the number of words. But here it is necessary to calculate (I will do it primitively, do not judge strictly). In the example, the complex password has 11 characters. Take, for example, that it can use 26 lowercase letters, 26 uppercase letters, 10 digits and some 10 symbols. We get 72 characters in total for each position, for a total of 72^11 = 2·10^20 variants. And that's assuming that we only brute-force passwords of the given length! Okay, now suppose that we have a vocabulary of at least 100 thousand common English words. It will clearly contain correct, horse, battery and maybe staple. 100 thousand for each position gives at most 100k^4 = 10^20. At first glance it seems that there is not much difference. Suppose now that we iterate through all the passwords. Usually, the minimum threshold for a password is 8 characters. Hence, we need to go through the combinations of 8, 9, 10 and 11 characters before we get to the password we want (at worst). In a word-based password, on the other hand, we cannot use one word, but two we can. Thus, 2, 3 or 4 words. Shall we count? This time a little more precisely. 72^8 + 72^9 + 72^10 + 72^11 = 2.7335·10^20; 100k^2 + 100k^3 + 100k^4 = 1.00001·10^20. We see that the password made of words is brute-forced faster than the one made of characters. I note that I am not calling for the use of passwords made of characters. It really is extremely inconvenient, and generally unnecessary. I just want to say that if you use words, then take low-frequency ones, or better yet something unique, known only to you. This will help you remember it, and protect you both from brute force and from simple guessing. Example: dislike design tosterru. 22 characters; even if you brute-force only lowercase letters and spaces, you get about 3·10^31. And if br
