<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style><head>
<style></style>
<table class="backgroundTable" bgcolor="#ffffff" cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top: 0px solid rgb(0, 0, 0);
border-bottom: 1px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255); text-align:
center;" align="center"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 200%;
font-family: verdana; text-decoration: none;">Email
not
displaying correctly? <a
href="http://www.oplin.org/4cast/"
style="font-size: 10px; color: rgb(0, 0, 255);
line-height: 200%; font-family: verdana;
text-decoration: none;">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(51, 51, 51);
border-bottom: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 255);">
<center><a href=""><img id="editableImg1"
src="cid:part2.03070207.02060502@oplin.org"
title="OPLIN" alt="OPLIN 4Cast" align="middle"
border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width: 763px; height: 877px;"
bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size: 12px; color: rgb(0, 0, 0);
line-height: 150%; font-family: trebuchet ms;"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
bgcolor="#ffffff" valign="top">
<p><!-- Make sure you modify the 4Cast title in this section -->
<span style="font-size: 20px; font-weight: bold;
color: rgb(0, 0, 0); font-family: arial;
line-height: 110%;">OPLIN 4cast #357: Can words
still protect us?</span><br>
<!-- Make sure you modify the date of the 4Cast in this section -->
<span style="font-size: 11px; font-weight: normal;
color: rgb(102, 102, 102); font-style: italic;
font-family: arial;">October 16th, 2013</span></p>
<!-- Begin copy of Web Source here -->
<p style="text-align: justify;font-size: 16px;
font-family: arial; line-height: 110%;"><img
alt="safe"
src="cid:part4.04070600.01030709@oplin.org"
align="left" height="105" width="105">Over the
past couple of months, Dan Goodin wrote two
articles in <em>Ars Technica</em> about password
and passphrase protection that have been widely
quoted in the tech media. (We link to the longer
one of them below.) The articles were prompted by
the release of a new version of Hashcat, a
password cracking program that can now recover
passwords up to 55 characters long. Because
software like this keeps making password cracking
easier, it is common to see recommendations that
users instead use a pass<em>phrase</em> - a long
series of words that is easier to remember than a
single complex pass<em>word</em>. But if
passphrases are too easy, they may not be any
better protection than passwords.
</p>
<div> </div>
<ul style="text-align: left;">
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/">How
the Bible and YouTube are fueling the next
frontier of password cracking</a> (Ars
Technica/Dan Goodin) "As awareness has grown
about the growing insecurity of passwords that
were presumed strong only a few years ago, many
people have turned to passphrases, often pulled
from what they believe are overlooked songs,
books, or other sources. The idea is to generate
a long passcode that contains upper- and
lower-case letters and possibly punctuation
that's nonetheless easy to remember. This turns
out to be largely an exercise in futility. As is
the case with passwords, the same thing that
makes passphrases easy to remember makes them
susceptible to easy cracking."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.tested.com/tech/concepts/458515-books-and-youtube-are-supplying-password-crackers-billions-passphrases/">Books
and Youtube are supplying password crackers
with billions of passphrases</a>
(Tested/Wesley Fenlon) "And now crackers have
discovered that resources like the Bible,
Wikipedia, and the Gutenberg archive provide
millions of phrases that people may use for
passwords, believing that they're long enough to
be secure or unknown enough to be unguessable.
'Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl
fhtagn1' from H.P. Lovecraft is a prime example.
No computer could bruteforce such a complex
password string, but no computer will have to -
once that phrase is in a dictionary, it's easy
to crack."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.nealofarrell.com/20130829142/cybercrime/this-week-insecurity-august-29th-2013-is-it-truly-finally-sadly-game-over-for-passwords.html">Is
it truly, finally, sadly, game over for
passwords?</a> (Neal O'Farrell) "A passphrase
should not simply be a statement or saying that
you read somewhere or remembered from childhood.
Because if it's been used before, chances are
it's already in a dictionary and could be
guessed. A real passphrase is supposed to be
something about you and your life that is
unlikely to be on the internet and guessable by
a hacker. And taking it one step forward, and
one very crucial step, you don't use the exact
passphrase but only selected elements."</li>
<li style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://www.infosecurity-magazine.com/view/34207/password-cracker-cracks-55-character-passwords">Password
cracker cracks 55 character passwords</a>
(Infosecurity) "What the new version of hashcat
demonstrates is that size is no longer as
important as it used to be - it's what the user
does with the characters that matters. Length is
still important; but rather than just a
combination of words or phrases, it should be a
mix of characters, numbers and punctuation
symbols."</li>
</ul>
<div style="text-align: left;"> </div>
<p style="text-align: left; font-size: 20px;
font-family: arial; line-height: 110%;"><small><strong><em>Hashcat
fact:</em></strong></small><br>
</p>
<div style="text-align: justify; font-size: 16px;
font-family: arial; line-height: 110%;"><a
href="http://hashcat.net/oclhashcat-plus/">Hashcat</a>
claims to be the world's "fastest md5crypt,
phpass, mscash2 and WPA/WPA2 cracker." It's also
free.
</div>
<div style="text-align: left;"> </div>
<!-- End paste of web source here --> </td>
</tr>
<tr>
<td style="" solid="" background-color:="" rgb(255,=""
255,="" 255);="" >=""
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg"
valign="top" width="760"><span style="font-size:
10px; color: rgb(96, 96, 96); line-height: 100%;
font-family: verdana;">
<hr><!-- Begin standard subscription verbiage -->
<div style="text-align: justify;">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could
impact public
libraries. You can subscribe to it in a variety
of ways, such as: <br>
</div>
<div style="text-align: left;"> </div>
<ul>
<li style="text-align: justify;"><strong>RSS
feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following
URL:
<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/index.php/?feed=rss2">http://www.oplin.org/4cast/index.php/?feed=rss2</a>.
</li>
<li style="text-align: justify;"><strong>Live
Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a class="moz-txt-link-freetext" href="http://www.oplin.org/4cast/">http://www.oplin.org/4cast/</a>) and click on the
orange "radio wave" icon
on the right side of the address bar. In
Internet Explorer 7, click on
the same icon to view or subscribe to the
4cast RSS feed. </li>
<li style="text-align: justify;"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and
OPLINtech) by subscribing to
the 4cast mailing list at
<a class="moz-txt-link-freetext" href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>.
</li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top: 0px solid rgb(255, 255, 255);
background-color: rgb(255, 255, 204);"
background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg"
valign="top" width="760"> <br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<title>OPLIN 4Cast</title>
<style>
.headerTop { background-color:#FFFFFF; border-top:0px solid #000000; border-bottom:1px solid #FFFFFF; text-align:center; }
.adminText { font-size:16px; color:#0000FF; line-height:200%; font-family:verdana; text-decoration:none; }
.headerBar { background-color:#FFFFFF; border-top:0px solid #333333; border-bottom:0px solid #FFFFFF; }
.title { font-size:20px; font-weight:bold; color:#000000; font-family:arial; line-height:110%; }
.subTitle { font-size:11px; font-weight:normal; color:#000000; font-style:italic; font-family:arial; }
.defaultText { font-size:12px; color:#000000; line-height:150%; font-family:trebuchet ms; }
.footerRow { background-color:#FFFFCC; border-top:0px solid #FFFFFF; }
.footerText { font-size:10px; color:#996600; line-height:100%; font-family:verdana; }
a { color:#0000FF; color:#0000FF; color:#0000FF; }
</style>
</body>
</html>