[nycbug-talk] Secure Passwords Keep You Safer

michael lists at genoverly.net
Fri Jan 12 15:43:20 EST 2007


	By Bruce Schneier
	02:00 AM Jan, 11, 2007

	"The attack I'm evaluating against is an offline password-
	guessing attack."

	"Offline password guessers have gotten both fast and smart.
	AccessData sells Password Recovery Toolkit, or PRTK. Depending
	on the software it's attacking, PRTK can test up to hundreds of
	thousands of passwords per second, and it tests more common
	passwords sooner than obscure ones."

	"What's happening is that the Windows operating system's memory
	management leaves data all over the place in the normal course
	of operations. You'll type your password into a program, and it
	gets stored in memory somewhere. Windows swaps the page out to
	disk, and it becomes the tail end of some file. It gets moved
	to some far out portion of your hard drive, and there it'll sit
	forever. Linux and Mac OS aren't any better in this regard."
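
The last quoted paragraph describes a typed password being paged out to disk and staying there. As an added example (not part of the original post or of Schneier's article), here is one way a program on Linux or another POSIX system can keep its own password buffer out of swap and wipe it after use; `secret_buf` and its functions are hypothetical names, and it does not cover copies held by other programs or RAM written out by hibernation.

```c
#define _DEFAULT_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper type for this example. */
struct secret_buf {
    unsigned char *data;  /* page-aligned private anonymous mapping */
    size_t len;           /* mapping size, a whole number of pages */
    int locked;           /* 1 if mlock() succeeded, 0 if it was refused */
};

/* Overwrite through a volatile pointer so the compiler cannot drop the stores. */
static void secret_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Map whole pages for the secret and ask the kernel not to swap them out. */
int secret_buf_open(struct secret_buf *s, size_t want) {
    long page = sysconf(_SC_PAGESIZE);
    if (page <= 0 || want == 0) return -1;
    s->len = (want + (size_t)page - 1) / (size_t)page * (size_t)page;
    void *m = mmap(NULL, s->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED) return -1;
    s->data = m;
    /* mlock() can be refused (RLIMIT_MEMLOCK); record it so the caller can decide. */
    s->locked = (mlock(s->data, s->len) == 0);
#ifdef MADV_DONTDUMP
    (void)madvise(s->data, s->len, MADV_DONTDUMP);  /* keep it out of core dumps */
#endif
    return 0;
}

/* Wipe, check the wipe, then release. Returns 1 if every byte read back as zero. */
int secret_buf_close(struct secret_buf *s) {
    int clean = 1;
    secret_wipe(s->data, s->len);
    for (size_t i = 0; i < s->len; i++) if (s->data[i] != 0) clean = 0;
    munmap(s->data, s->len);  /* unmapping also drops the page lock */
    s->data = NULL;
    return clean;
}

int main(void) {
    struct secret_buf s;
    if (secret_buf_open(&s, 64) != 0) return 1;
    memcpy(s.data, "constructed-sample", 19);  /* constructed value, not a real password */
    return secret_buf_close(&s) ? 0 : 1;
}
```

If `locked` comes back 0, the buffer can still be paged out, so a caller that depends on the guarantee should treat that as a failure rather than continue.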




