By mitchp
via java.dzone.com
Published: Aug 29 2012 / 08:39

There are numerous important lessons in this article. One of the small lessons is that changing your password every sixty or ninety days is farcical. The rainbow table algorithms can crack a badly-done password in minutes. Every 60 days, the cracker has to spend a few minutes breaking your new password. Why bother changing it? It only annoys the haxorz; they'll be using your account within a few minutes. However, that practice is now so ingrained that it's difficult to dislodge from the heads of security consultants.

Comments


eelmore replied ago:

This article takes a fairly cynical and myopic view of password security, if the author knows anything about security at all. The article summary and the article itself have little to do with each other anyway--the article was about session security and the summary talks about password security and seems to confuse the two. For rainbow table or cracking techniques to work, the attacker has to first obtain the hash--which really shouldn't be happening frequently. If you change your password often, it limits the lifespan of a vulnerability resulting from the hash being in the open. An app developer should *NEVER* (and I mean ever) store passwords in the clear and they should salt every password at the time the hash is stored and they should use a secure hash algorithm. This article greatly downplays the effort required to crack a password hash database. Completely irresponsible and should serve to discredit the author.
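The salting point raised in the comment above, as an added example that is not part of the original thread: an unsalted fast hash falls to a single lookup in a precomputed table, while a per-password random salt with a slow key-derivation function makes the same table useless. PBKDF2-HMAC-SHA256 is used here as one suitable choice; the function names, the iteration count and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny precomputed table of unsalted SHA-256
# hashes for a few common passwords, standing in for a rainbow table.
COMMON = ["password", "letmein", "123456"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON}

PBKDF2_ITERATIONS = 600_000  # assumption: tune to your own hardware budget


def store_unsalted(password):
    """Weak scheme: a bare fast hash, identical for identical passwords."""
    return hashlib.sha256(password.encode()).hexdigest()


def store_salted(password):
    """Generate a fresh random salt at the moment the hash is stored."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return salt, digest  # both values are kept in the user record


def verify_salted(password, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate, digest)


def table_lookup(stored_hex):
    """What a precomputed table offers: one lookup, no per-hash work."""
    return PRECOMPUTED.get(stored_hex)


if __name__ == "__main__":
    print("unsalted lookup:", table_lookup(store_unsalted("letmein")))
    salt, digest = store_salted("letmein")
    print("salted lookup:  ", table_lookup(digest.hex()))
    print("login check:    ", verify_salted("letmein", salt, digest))
```
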
