Hi,

Brian wrote:
> They would never have got to
> my!only"reason£for$living%is^ebay

Unless some group of people is caught using this scheme.
Of course the attacker needs more computing power than with a camelback style text that bears no separators out of a set with a few dozen characters.
You have a UK keyboard. That would be about number three to test for an easy to memorize sequence of non-letters. (QWERTY, QWERTZ, BS 4822, ...) So it's not much more work than with CamelBackStyle.

> Stamina is at least as important as speed.

Not to forget experience and gut instincts of the attacker. He sneaks into your shoes and lives a copy of your life ... shoo-hooo ...

> We are mesmerised by the skills of offline crackers. They dazzle us and
> blind us to realities.

I often wonder how much of the reports about secret agency powers is intentional deception and how much is a glimpse of a world where nothing is private.
One cannot even tell for sure whether they get something that is worth the money for the electricity they consume.
It's all an endless series of tricks and lies. They even use truth to fool the enemy. Nobody believes the truth.

> > The first found meal tells the bear that there is more food in the same
> > direction.

> With an offline attack, probably. But where are the people who say that
> online is the same as or even similar to offline,

If the attacker has no opportunity to test a lot of tries, then brute force has nearly no hope for success, indeed.
In this case, eavesdropping and non-computer actions like burglary or social engineering are the things to fear. Not to forget judges.

IPv6 addresses are a problem. If I ask a what-is-my-IP site for my IPv6 address then it tells me the town where I live. With IPv4 the reported location is often hundreds of kilometers away.

> And, even assuming a site such as Ebay with its millions of users loses
> its marbles to offline cracking, why think you are first in line for
> rampaging?

You'd end up in lists of cracked passwords and user names which get sold for Bitcoins. Mass matters.

> Ok, they have to start somewhere - it might as well be you. :)

Never choose a username that looks like money or sexual exploitability.

A good precaution is to only do things on the internet which you can justify doing in public as well, and to only expose as much money to the web as you can easily afford to lose.
I live in a spacetime bubble where this is possible. Others are less lucky.

Reco wrote:
> Since it [eq8GeKBhVXOTjF0dAyd0] appeared in a public maillist - it is a
> bad password by definition. Harvested today and on the market tomorrow.

Brian wrote:
> It will not be used again.

Hey ! You are spoiling an upwardly mobile sector of the economy.

Have a nice day :)

Thomas
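
The point about keyboard-ordered separators can be checked mechanically. The following is an added example, not part of the message above: a small password-audit helper that flags separators forming a contiguous run of a layout's shifted number row and compares the resulting search space with independently chosen punctuation. The layout tables and function names are assumptions of this example.

```python
import string

# Shifted number-row symbols (keys 1..0) per layout.
# These tables are assumptions of this example, not taken from the message.
SHIFT_ROWS = {
    "US QWERTY": '!@#$%^&*()',
    "UK BS 4822": '!"£$%^&*()',
    "German QWERTZ": '!"§$%&/()=',
}

def separators(password):
    """Return the non-alphanumeric characters in order of appearance."""
    return "".join(ch for ch in password if not ch.isalnum())

def matching_layouts(password):
    """Layouts whose shifted number row contains the separators as one run."""
    seps = separators(password)
    if len(seps) < 2:
        return []  # a single separator says nothing about ordering
    return [name for name, row in SHIFT_ROWS.items() if seps in row]

def separator_guesses(password):
    """Upper bound on guesses needed for the separator sequence alone.

    Keyboard-row run: every layout times every possible start position.
    Otherwise: an independent choice among ASCII punctuation for each slot.
    """
    n = len(separators(password))
    if matching_layouts(password):
        return sum(len(row) - n + 1 for row in SHIFT_ROWS.values())
    return len(string.punctuation) ** n

if __name__ == "__main__":
    # First sample is the passphrase quoted in the thread; second is constructed.
    for pw in ('my!only"reason£for$living%is^ebay', 'my^only!reason$for'):
        print(repr(separators(pw)), matching_layouts(pw), separator_guesses(pw))
```

For the quoted passphrase the six separators cost an auditor's model at most 15 guesses across the three layouts, whereas three independently chosen punctuation marks already cost 32768.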