PassPack has introduced a password Quality Tester. This is used a little bit everywhere - when choosing your PassPack Pass or Packing Key, as well as in the built-in password generator and in the entry window.
The quality tester is a little sliding scale that gives you an idea of how good (or bad) the password you’re typing is.

As you can see in the image, it also includes a tiny number (86). That number indicates the quality rating. For those of you who are interested, this loosely corresponds to the number of bits.
Your PassPack Pass must have a quality rating of at least 64.
Your Packing Key must have a quality rating of at least 80.
In both cases, once you reach the minimum rating, the little number will turn green.
Why is it so hard?
Actually, it’s not so hard, it just needs to be long. The easiest way to get a good quality rating is to use a sentence instead of just a word. Sentences, by nature, are long - and they are easy enough to remember. And hey - these are the keys to your kingdom, make them good.
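An added example, not PassPack's own algorithm (the post does not describe it): a simple length-and-character-pool estimate in bits, checked against the 64 and 80 minimums above. It also computes the bound for a phrase whose words are picked at random from a list, assuming the 7,776-word Diceware list; all function names and sample inputs are constructed for illustration.

```javascript
// Added example: a character-pool estimate, NOT PassPack's actual algorithm.
const MIN_PASS_BITS = 64;        // minimum rating for the PassPack Pass (from the post)
const MIN_PACKING_KEY_BITS = 80; // minimum rating for the Packing Key (from the post)
const DICEWARE_WORDS = 7776;     // assumption: the standard Diceware list size

// Size of the character pool the password draws from (printable ASCII classes).
function poolSize(password) {
  let pool = 0;
  if (/[a-z]/.test(password)) pool += 26;
  if (/[A-Z]/.test(password)) pool += 26;
  if (/[0-9]/.test(password)) pool += 10;
  if (/[^a-zA-Z0-9]/.test(password)) pool += 33; // symbols, including space
  return pool;
}

// Upper bound: assumes every character is chosen independently and at random.
function charPoolBits(password) {
  const pool = poolSize(password);
  return pool === 0 ? 0 : Math.floor(password.length * Math.log2(pool));
}

// Bound for a phrase whose words were picked at random from a word list.
function wordListBits(phrase, listSize = DICEWARE_WORDS) {
  const words = phrase.trim().split(/\s+/).filter(Boolean);
  return Math.floor(words.length * Math.log2(listSize));
}

// Number of randomly picked words needed to reach a target rating.
function wordsNeeded(targetBits, listSize = DICEWARE_WORDS) {
  return Math.ceil(targetBits / Math.log2(listSize));
}

// Rate a candidate against both minimums using the character-pool estimate.
function rate(password) {
  const charBits = charPoolBits(password);
  return {
    charBits,
    wordBits: wordListBits(password),
    okForPass: charBits >= MIN_PASS_BITS,
    okForPackingKey: charBits >= MIN_PACKING_KEY_BITS,
  };
}

// Constructed sample inputs.
console.log(rate("password"));                     // short single word
console.log(rate("correct horse battery staple")); // four-word phrase
console.log(wordsNeeded(MIN_PASS_BITS), wordsNeeded(MIN_PACKING_KEY_BITS));
```

The character-pool figure rewards length, which is why a sentence clears the minimums so easily; the word-list figure is the more conservative number when the phrase is built from dictionary words.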


6 Comments
Just surfed http://www.copacobana.org
“With further optimization of our implementation, we could achieve a clock frequency of 136MHz for the brute force attack with COPACOBANA. Now, the average search time for a single DES key is less than a week, precisely 6.4 days. The worst case for the search has been reduced to 12.8 days now.”
Cosi che parla Tara?
Hi Brian.
PassPack doesn’t use DES (which can be quickly cracked), it uses AES-256.
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Security
One question for you though, what did you mean by “Cosi che parla Tara?” - sorry, I didn’t understand that bit.
Katyid being an Italian company, I made a wrong assumption. Primarily, I thought the site might interest you. It rather concerns me. This is a very expensive and powerful computer designed solely to crack codes. On average, an AES cipher takes almost a week. Who buys them? For what underlying purpose? With whose money? Maybe it’s a complex Californian joke, like spawning endless TV movies and shows pretending that Los Angeles is populated by middle-class WASPs.
Speaking English.
Though I suppose one Mexican asking another “Wanna buy an extremely large prime number, never been used?” just wouldn’t work on the screen.
Hi Brian.
Yup, we’re in Italy, but “Cosi che parla Tara?” translates loosely to “Is this how Tara talks?” which made me suspect that you’d thought that I’d been quoted somewhere on that page. So, sorry, I was just checking to make sure that I wasn’t missing some important question you were asking me.
There are plenty of sites out there dedicated to cracking, and the computing/techniques/hardware/software behind cracking. But PassPack does use AES-256 which to date has not been cracked.
One important thing to remember is that our system is flexible enough so that we can evolve algorithms should need be.
Glad to see others keeping an eye out though.
I was wondering about the advice to use a ‘memorable’ pass phrase. Is this not quite vulnerable to a dictionary attack? I presume the pass phrase quality indicator doesn’t take this into account? So could you end up with a 5-6 word passphrase that is more easily cracked if it is a normal phrase?
Maybe some more advice in this area? I found the diceware webpage is quite interesting??
@Ray
A dictionary attack is generally on single words, not entire phrases. (if I’m wrong, someone please correct me)
The important thing about phrases is that they tend to be inherently longer, which is harder to “guess”.
But yes, you’ll want to avoid very obvious pass phrases like “open sesame”.