Comments for Passwords at http://blog.codecall.net , comment 1 to 6 out of 6 comments http://blog.codecall.net Tue, 06 Jan 2009 20:54:54 +0100 FeedCreator 1.7.3 http://blog.codecall.net/component/myblog/Passwords.html#comment-254 Yea, I realized that after I hit Add Comment. I haven't made my way back into the DB to change it since there is no edit button here. - Jordan Tue, 26 Aug 2008 07:43:15 +0100 http://blog.codecall.net/component/myblog/Passwords.html#comment-253 Rainbo[b]w[/b] tables! And although the term is relatively new, the concept has been around since time began. By the way Jordan, giving me the details you just did, you realize you sliced the time for me to compute your password by almost a million exponential units? :) - TkTech Tue, 26 Aug 2008 07:24:17 +0100 http://blog.codecall.net/component/myblog/Passwords.html#comment-237 I use several variations of several passwords that I use depending on the site. For instance, if I am registering on a site to download something and I don't expect to ever return I'll use a fairly easy to crack password (7 chars, two special characters). However, if I am using something like paypal my password is a bit more complex (11-13 characters with 4-5 special chars and numbers/characters). Most sites I need to login to have different passwords. TotalPenguin and CodeCall don't even have the same password for me. I've never heard of Rainbox Tables. That was a great read and well written! Nice work. - Jordan Tue, 19 Aug 2008 10:26:02 +0100 http://blog.codecall.net/component/myblog/Passwords.html#comment-236 I was shocked to discover these rainbow tables last year, and 2 major sites that I have backend access to use the typical method, and have sql injection vulnerabilities (which the other admins continue to overlook). I now keep a written password book with all of my secure passwords. My passwords are generated through a password generator, and I've memorized many of them, but I am constantly being forced into making more passwords for sites that I don't quite trust. Great article! - Phil Mon, 18 Aug 2008 23:39:09 +0100 http://blog.codecall.net/component/myblog/Passwords.html#comment-235 I remember you asking me about rainbow tables :D Most of the sites out there that offer pre-made tables have brute force rainbow tables, not just common words. The only thing you can do is try to prevent someone from gaining access to the table and to write smart rules to prevent large amounts of queries from a single source. For example try logging in to many times with an invalid password on the forum. Eventually it'll reject your attempts to login for 15 minutes. - TkTech Mon, 18 Aug 2008 18:50:54 +0100 http://blog.codecall.net/component/myblog/Passwords.html#comment-234 Well written, great job. :) I have no idea why some websites don't allow very secure passwords. I always thought they didn't allow special characters and punctuation as a security precaution. I use a password generator to create my passwords, and change them quite often. I haven't changed them in awhile though. :( - James Mon, 18 Aug 2008 18:50:39 +0100