This post was last edited by 番茄斗斗 on 2009-12-26 14:51
Good phrases - structure - difficult sentences - new words - expressions
Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
How to stay sane as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of (keep up with developments in something) all the ingenious technology which, once debugged by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.
Each time he packs his bags, though, he is embarrassed by having to include a dog-eared (worn and creased from use) set of notes that really ought to be locked up in a safe. This is his list of logons and passwords for all the websites he uses for doing business and staying in touch with the rest of the world. At the last count (according to the most recent tally), the inch-thick list accumulated over the past decade or so—your correspondent’s sole copy—includes access details for no fewer than 174 online services and computer networks.
He admits to flouting (openly disregarding) the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault for the various passwords and ditch the dog-eared list.
Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.
Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true. That is because, not being able to remember long, jumbled sets of alphanumeric (containing both letters and digits) characters interspersed with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry (sundry: various; all and sundry: everyone) to see.
Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks. If time and money are no problem, they can use brute-force methods that simply try every combination of letters, numbers and symbols until a match is found. Against a long, random password that takes a lot of patience and computing power, and exhaustive search on that scale tends to be the sort of thing only intelligence agencies indulge in.
A more popular way, though one that is not guaranteed to succeed, is to use password-cracking tools such as “L0phtCrack” (a commercial product) or “John the Ripper” (free and open-source) that can be found on the internet. These use dictionaries, lists of popular passwords and rainbow tables (rainbow table: a large collection of precomputed hash values for all manner of possible character combinations; a lookup tool that turns the long numbers computed from a password’s characters back into the original plain text) to recover passwords. Rainbow tables only help when the stolen hashes were stored without a per-user salt, because a salt changes every hash and defeats precomputation.
According to Bruce Schneier, an independent security expert, today’s password crackers “can test tens—even hundreds—of millions of passwords per second.” In short, the vast majority of passwords used in the real world can be guessed in minutes. And do not think you are being smart by replacing the letters “l” or “i” in a password with the number “1”, or the letter “s” with the number “5” or the symbol “$”. Cracking programs check all such alternatives, and more, as a matter of course.
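The dictionary-plus-rules attack described in the last three paragraphs, as an added example that is not part of the Economist article: a constructed wordlist, a small set of “leet” substitution and suffix rules, and four constructed unsalted SHA-256 hashes standing in for a stolen password database. The wordlist, the rules and the hashes are all assumptions made for the illustration; real tools such as John the Ripper ship far larger lists and rule sets, and the precomputed table at the end is the uncompressed idea behind a rainbow table.

```python
"""Dictionary attack with mangling rules against unsalted SHA-256 hashes.

Added example, not code from the Economist article. Wordlist, rules and the
"stolen" hashes below are all constructed for illustration.
"""
import hashlib
import itertools

# Look-alike substitutions ("l" -> "1", "s" -> "$" ...) that crackers apply as
# a matter of course. Each letter maps to itself plus its substitutes.
LEET = {"a": "a@4", "e": "e3", "i": "i1!", "l": "l1", "o": "o0", "s": "s$5", "t": "t7"}

# A toy wordlist; real tools ship millions of words plus leaked top lists.
WORDLIST = ["password", "secret", "abc", "letmein", "monkey"]

# Suffixes people add to satisfy "must contain a digit" rules.
SUFFIXES = [""] + [str(n) for n in range(10)] + ["123", "!", "2009"]


def sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()


def mangle(word):
    """Yield every candidate derived from one word: three capitalisations,
    every combination of leet substitutions, every suffix."""
    for form in (word, word.capitalize(), word.upper()):
        # Each position becomes the string of characters allowed there.
        options = [LEET.get(c, c) if c.islower() else c for c in form]
        for combo in itertools.product(*options):
            base = "".join(combo)
            for suffix in SUFFIXES:
                yield base + suffix


def crack(hashes, wordlist=WORDLIST):
    """Return ({hash: plaintext}, guesses). Because the hashes are unsalted,
    one guess is checked against every target with a single set lookup."""
    found, guesses = {}, 0
    for word in wordlist:
        for candidate in mangle(word):
            guesses += 1
            h = sha256_hex(candidate)
            if h in hashes and h not in found:
                found[h] = candidate
                if len(found) == len(hashes):
                    return found, guesses
    return found, guesses


def build_lookup_table(wordlist=WORDLIST):
    """Precompute hash -> plaintext once; each stolen hash then costs one
    dictionary lookup. Rainbow tables are a space-compressed version of this
    idea (hash chains), and like this table they are useless against salted
    hashes, because the salt changes every hash."""
    return {sha256_hex(c): c for word in wordlist for c in mangle(word)}


# Constructed "stolen database" of unsalted hashes.
TARGETS = {
    "alice": sha256_hex("P@ssw0rd1"),  # capital, leet and a digit: still derived from a word
    "bob": sha256_hex("abc123"),       # America's second most popular, per the article
    "carol": sha256_hex("$ecret5"),
    "dave": sha256_hex("6sDt%k&3"),    # eight random symbols: not derivable from any word
}


def crack_users(targets=TARGETS):
    """Map each user to the recovered password (None if not found)."""
    found, guesses = crack(set(targets.values()))
    return {user: found.get(h) for user, h in targets.items()}, guesses


if __name__ == "__main__":
    users, guesses = crack_users()
    for user, pw in users.items():
        print(f"{user}: {pw if pw else 'not recovered'}")
    print(f"{guesses} guesses in total")
```

Three of the four accounts fall within a few thousand guesses, a fraction of a second at the rates quoted above; only the randomly generated password survives, because no rule derives it from a dictionary word.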
What should you do to protect yourself? Choose passwords that are strong enough to make cracking them too time-consuming for thieves to bother.
The strength of a password depends on its length, complexity and randomness. A good length is at least eight symbols, and every extra symbol multiplies the work of a brute-force attack. The complexity depends on the character set. Using numbers alone limits the choice to just ten symbols. Add upper- and lower-case letters and the character set rises to 62. Use all the printable symbols on a standard ASCII keyboard, including the space, and you have 95 to choose from.
The third component, randomness, is measured by a concept borrowed from thermodynamics—the notion of entropy (the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary digit). That is because it can come down randomly in one of two equally likely states.
At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers are the length of the encryption key and, provided the key is chosen at random, its entropy (or randomness). A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require up to 2 raised to the power of 64 attempts to crack it by brute force—in short, about 18 billion billion attempts (an attacker expects to succeed after trying half of them). A 64-bit encryption key, rather than a password, was finally cracked in 2002 using brute-force methods: it took the distributed.net network of volunteers nearly five years to do so.
The National Institute of Standards and Technology, the American government’s standards laboratory in Gaithersburg, Maryland, recommends 80-bit passwords for state secrets and the like. Such security can be achieved using passwords of 12 symbols drawn at random from the full set of 95 printable symbols on the standard American keyboard (12 × log2 95 ≈ 79 bits). For ordinary purposes, that would seem overkill (more than the situation calls for). A 52-bit password based on eight symbols selected at random from the standard keyboard (8 × log2 95 ≈ 52.6 bits) is generally adequate. Both figures assume every symbol is chosen at random; a human-chosen eight-character password such as “password1” has nothing like 52 bits of entropy, which is why dictionary attacks find it in minutes at most.
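The arithmetic in the preceding paragraphs, as an added example rather than code from the article: entropy as length × log2(character-set size), the 2^64 figure, and the worst-case brute-force time at the “hundreds of millions of guesses per second” rate quoted from Bruce Schneier, which is taken here as an assumed 300 million per second. The character-class counting is an assumption for illustration and only measures the space a random password was drawn from; feed it a human-chosen password and the number it returns is an overestimate.

```python
"""Password entropy and brute-force cost (added example, not from the article).

Assumptions: symbols are chosen uniformly at random, and the attacker's
guess rate is 3e8/s ("hundreds of millions per second").
"""
import math
import string

GUESSES_PER_SECOND = 3e8          # assumed cracker speed
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# The article's character sets: digits only, digits + letters, all 95
# printable ASCII characters (digits, letters, 32 punctuation marks, space).
CHAR_CLASSES = [
    (string.digits, 10),
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.punctuation + " ", 33),
]


def entropy_bits(length, charset_size):
    """Entropy of `length` symbols each drawn uniformly from `charset_size`."""
    return length * math.log2(charset_size)


def charset_size(password):
    """Size of the union of the character classes the password touches.
    This is the space a *random* password of that shape was drawn from;
    for a human-chosen password it says nothing about real entropy."""
    return sum(n for chars, n in CHAR_CLASSES if any(c in chars for c in password))


def brute_force_seconds(bits, rate=GUESSES_PER_SECOND):
    """Time to enumerate the whole space; the expected time is half of it."""
    return 2 ** bits / rate


def strength_report(password):
    """Charset, bits (if random) and worst-case brute-force years."""
    size = charset_size(password)
    bits = entropy_bits(len(password), size)
    return {
        "charset": size,
        "bits": round(bits, 1),
        "years": brute_force_seconds(bits) / SECONDS_PER_YEAR,
    }


def article_figures():
    """The numbers the article quotes, recomputed."""
    return {
        "8 digits": round(entropy_bits(8, 10), 1),
        "8 from 62": round(entropy_bits(8, 62), 1),
        "8 from 95": round(entropy_bits(8, 95), 1),    # ~52.6, the "52-bit" password
        "12 from 95": round(entropy_bits(12, 95), 1),  # ~78.8, the "80-bit" password
        "2**64": 2 ** 64,                               # 18 billion billion
    }


if __name__ == "__main__":
    for name, value in article_figures().items():
        print(f"{name:>10}: {value}")
    for pw in ("123", "password1", "6sDt%k&3", "MCa1otFA"):
        r = strength_report(pw)
        print(f"{pw!r}: charset {r['charset']}, {r['bits']} bits if random, "
              f"{r['years']:.3g} years worst case")
```

At 300 million guesses per second the eight-symbol random password takes about 0.7 years to exhaust and the twelve-symbol one tens of millions of years, while 2^64 guesses take roughly two thousand years; the report for “password1” (36 symbols, 46.5 bits) is the cautionary case, since the dictionary attack above recovers it almost immediately.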
How to select the eight? Best to let a computer program generate them randomly for you. Unfortunately, the result will be something like 6sDt%k&3 that probably needs to be written down. One answer, less rigorous (rigorous: strict, exacting) because a memorable phrase comes from a much smaller space than eight random symbols, is to use a mnemonic constructed from the first letters (plus contractions) of an easily remembered phrase like “Murder Considered as One of the Fine Arts” (MCa1otFA) or “To be or not to be: that is the question” (2Bo-2b:?). A phrase as famous as the latter is a poor choice, since well-known quotations are themselves collected into crackers’ lists; an obscure or personal phrase is better.
Given a robust 52-bit password, you can then use a password manager to take care of the dozens of easily guessable ones used to access various web services; the point is to let the manager replace each of them with a long random password unique to its site, so that one leaked site password does not open the others. There are a number of perfectly adequate products for doing this. In an early attempt to fulfil his new year’s pledge, your correspondent has been experimenting with LastPass, a free password manager that works as an add-on to the Firefox web browser for Windows, Linux or Macintosh. Versions also exist for Internet Explorer on Windows and Safari on the Mac.
Once installed and given a strong master password of its own, plus an e-mail address, LastPass encrypts all the logons and passwords stored on your computer. So, be warned: forget your master password and you could be in trouble—especially if you have let the program delete (as it urges you to let it do) all the vulnerable logons and passwords on your own computer.
Thereafter, to visit various web services, all you have to do is log in to LastPass and click the website you wish to check out. The tool then automatically logs you on to the selected site. It will even complete all the forms needed to buy goods online if you have stored your home address, telephone number and credit-card details in the vault as well.
Your correspondent looks forward to using the service while travelling around Japan over the next month or so. To be on the safe side, however, his dog-eared list of passwords will still go with him.
---------
SUM-UP:
Today, netizens are using comparatively simplified passwords online. Jumbled sets of alphanumeric characters or confusing alternations are no longer safe enough, for they can be easily cracked within minutes. As a result, security online involves high tech. Length, complexity and randomness, as determinants of the strength of a password, are empowered by binary bits and computer program generation. In addition, the given password can be guarded by a password manager while you are surfing the net.
COMMENT:
With the advent of high tech, business has vastly shifted to the online market. This enables the possibility of increasing crimes, which mainly focus on stealing online information and, what's more, may squeeze the wealth in your bank account.
This is what high tech brought us, a promising convenience as well as high insecurity. Sticking to the old way, like what the correspondent did in the given article, to avoid its weakness is nonetheless unsound. On the contrary, an advanced way is appreciated, as there's always a solution given after the burst of a mess.
We have heard boundless complaints about the information age, including its insecurity. Contrary to the public perception, insecurity shares no difference before and after the information age, and what allures us into the misunderstanding is the convenience brought by the information age. Take online business for example: as transactions increased, so did the exposure to risk. Meanwhile, we have to admit the chance of risk is comparatively shrinking as well.