[主题活动] [REBORN FROM THE ASHES][comment][12.26] [复制链接]

rodgood
UID：2619326

Rank: 4

声望: 24
寄托币: 903
注册时间: 2009-3-21
精华: 0
帖子: 9

沙发

发表于 2009-12-26 01:50:43 |只看该作者

本帖最后由 rodgood 于 2009-12-26 23:08 编辑

Useful words and expressions:

dog-eared书页折角的,

aplenty丰富，

flout轻视,

vault地窖,

consolation抚慰,

aversion反感, averse反对的，不愿意的

jumbled混乱的,

alphanumeric字母数字混合的,

entropy熵,

encryption加密，加密术, encrypt把……译成密码

mnemonic记忆的，助记的

be locked up,

staying in touch with,

heaven forbid, 万万不可地

on scraps of paper,

crackable words,

Post-it notes便条纸，

brute-force methods暴力搜索法,

Best to最好是,

He considers it crucial in order to keep abreast of（跟上某事物的发展） all the ingenious technology which, once debugged by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.

For ordinary purposes, that would seem overkill小题大做的.

Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

A good length is at least eight symbols.

A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 attempts to crack it by brute force—in short, 18 billion billion attempts.

Your correspondent has been experimenting with LastPass.

To be on the safe side, however, his dog-eared list of passwords will still go with him.

My comments:
I am very excited to read such a report about technology. For the past week, boring articles on politics and economy, though useful for improving my reading ability, have made me feel sick. Partly because of my major of engineering or links to our daily life, it costs me relatively less time to finish the reading.

The report starts by posting a question of how to preserve our logons and passwords use to surf the web from being thieved by hackers. Then the writer introduces the easiness of cracking an ordinary password, followed by the relationship between the safety and the length, complexity and randomness (or entropy) of a password. Sometimes it is jumbled to memorize different logons and passwords used in different web sites. Therefore, some software managers aimed to help us administer our passwords or ever shopping on lines are introduced. However, the point of reliance on software being not a securest method after all is stated in the end.

This article makes me think about something convenient and, to some extent, deleterious technology brings us. Cell phones combine us with wireless communication, but radiowave contamination followed. Automobile replaces our foot to get to a far distance, yet tail gas it produces is warming our earth everyday. Like the report here introduces, while the internet is becoming a new part of our modern life, it becomes another thread to our privacy. Dealing with such tough problems is a contradiction itself. As far as I am concerned, negatively maybe, the most original method is available, just like the ending of the report.

kulewy531
UID：2603031

Rank: 3 Rank: 3

声望: 9
寄托币: 741
注册时间: 2009-2-15
精华: 0
帖子: 3

板凳

发表于 2009-12-26 03:55:11 |只看该作者

本帖最后由 kulewy531 于 2009-12-29 01:11 编辑

Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
生词
好词好句
How to stay sane（Having or showing sound judgment） as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of all the ingenious technology which, once debugged（To search for and eliminate malfunctioning elements or errors in） by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.

Each time he packs his bags, though, he is embarrassed by having to include a dog-eared（卷角的（书等）） set of notes that really ought to be locked up in a safe. This is his list of logons（login） and passwords for all the websites he uses for doing business and staying in touch with the rest of the world. At the last count, the inch-thick list accumulated over the past decade or so—your correspondent’s sole copy—includes access details for no fewer than 174 online services and computer networks.

Alamy
He admits to flouting（ignore） the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault（To accomplish something as if by leaping suddenly or vigorously） for the various passwords and ditch（To get away from） the dog-eared list.

Your correspondent’s one consolationis that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true. That is because, not being able to remember long, jumbled sets of alphanumeric（混合符号的） characters interspersed（dotted） with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry to see.

Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks. If time and money is no problem, they can use brute-force methods that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.

A more popular, though less effective, way is to use commercial software tools such as “L0phtCrack” or “John the Ripper” that can be found on the internet. These use dictionaries, lists of popular passwords and rainbow tables (lookup tools that turn long numbers computed from alphanumeric characters back into their original plain text) to recover passwords.

According to Bruce Schneier, an independent security expert, today’s password crackers “can test tens—even hundreds—of millions of passwords per second.” In short, the vast majority of passwords used in the real world can be guessed in minutes. And do not think you are being smart by replacing the letters “l” or “i” in a password with the number “1”; or the letter “s” with the number “5” or the symbol “$”. Cracking programs check all such alternatives, and more, as a matter of course.

What should you do to protect yourself? Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

The strength of a password depends on its length, complexity and randomness. A good length is at least eight symbols. The complexity depends on the character set. Using numbers alone limits the choice to just ten symbols. Add upper- and lower-case letters and the complexity rises to 62. Use all the symbols on a standard ASCII keyboard and you have 95 to choose from.

The third component, randomness, is measured by a concept borrowed from thermodynamics—the notion of entropy (the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary digit). That is because it can come down randomly in one of two equally possible binary states.

At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers represent the entropy (or randomness) of the encryption used. A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 attempts to crack it by brute force—in short, 18 billion billion attempts. A 64-bit password was finally cracked in 2002 using brute-force methods. It took a network of volunteers nearly five years to do so.

The National Institute of Standards and Technology, the American government’s standards-measuring laboratory in Gaithersburg, Maryland, recommends 80-bit passwords for state secrets and the like. Such security can be achieved using passwords with 12 symbols, drawn from the full set of 95 symbols on the standard American keyboard. For ordinary purposes, that would seem overkill. A 52-bit password based on eight symbols selected from the standard keyboard is generally adequate.

How to select the eight? Best to let a computer program generate them randomly for you. Unfortunately, the result will be something like 6sDt%k&3 that probably needs to be written down. One answer, only slightly less rigorous, is to use a mnemonic（A device, such as a formula or rhyme, used as an aid in remembering） constructed from the first letters (plus contractions) of an easily remembered phrase like “Murder Considered as One of the Fine Arts” (MCa1otFA) or “To be or not to be: that is the question” (2Bo-2b:?).

Given a robust 52-bit password, you can then use a password manager to take care of the dozens of easily guessable ones used to access various web services. There are a number of perfectly adequate products for doing this. In an early attempt to fulfill his new year’s pledge, your correspondent has been experimenting with LastPass, a free password manager that works as an add-on to the Firefox web browser for Windows, Linux or Macintosh. Versions also exist for Internet Explorer on Windows and Safari on the Mac.

Once installed and given a strong password of its own, plus an e-mail address, LastPass encrypts（encrypts） all the logons and passwords stored on your computer. So, be warned: forget your master password and you could be in trouble—especially if you have let the program delete (as it urges you to let it do) all the vulnerable logons and passwords on your own computer.

Thereafter, to visit various web services, all you have to do is log into LastPass and click the website you wish to check out. The tool then automatically logs you on securely to the selected site. It will even complete all the forms needed to buy goods online if you have stored your home address, telephone number and credit-card details in the vault as well.

Your correspondent looks forward to using the service while travelling around Japan over the next month or so. To be on the safe side, however, his dog-eared list of passwords will still go with him.

My Comments:
Cryptology has long being studied and its application serve as an essential composition in the modern society where information exerts a crucial influence on economy. For a business man, leakage of commercial secrets can sometimes destroy the whole company. Therefore, logons and codes, as a part of commercial secrets online, should always be well preserved.
However, we human beings are not born with talent in remembering large quantities of various codes. To cater for the need, software like Lastpass comes into being as a manager of logons and codes. This kind of software enables people to keep in mind only one code, facilitating everyday jobs. But, to some extent, it disobeys the rule of “distracting the risk”, which exposes its out dated design concept. As a trend, advanced methods using unique body features like “finger prints” are more and more popular

adammaksim
UID：2675466

Rank: 5 Rank: 5

声望: 76
寄托币: 1583
注册时间: 2009-8-2
精华: 0
帖子: 12

地板

发表于 2009-12-26 09:29:22 |只看该作者

本帖最后由 adammaksim 于 2009-12-27 11:05 编辑

keep abreast of
与。。。并肩，跟上。。的脚步

wind up
以。。。终结

debug to remove insects from,eliminate

dog-eared
翻旧了的，卷角了的

at the last count
根据最新的数据

heaven forbid 但愿。。。不要发生 heaven forbid that...

ditch : to get rid of =discard

jumble
使混乱

entropy
熵

thereafter adv.之后，以后

comments:

This article is interesting and gives us some useful information about the passwords in a humorous tone. Encryption, as a subject, has existed for a long time since people evolved with the need to protect their secrets. It is widely used form Da Vinci’s cryptex as described in Dan Brown’s mysterious-novel to the passwords people used in their daily life. In order to have a impenetrable vault for our secrets and private information, it is wise to follow the author’s advise to lengthen our passwords and raise its complexity and randomness.

However, after creating our unbreakable passwords, the main problem is how to remember them. Fortunately, in hope of the development of bio-identification technology, someday we can replace the alphanumeric passwords with our inherent symbols like fingerprints or iris which we never lose.

123runfordream
UID：2697608

荣誉版主

Rank: 9 Rank: 9 Rank: 9

声望: 482
寄托币: 5216
注册时间: 2009-9-13
精华: 0
帖子: 88

5楼

发表于 2009-12-26 11:44:41 |只看该作者

Tech.view
Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
How to stay sane as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses the Pacific to Japan for a month or so. He repeats the trip during the summer. He considers it crucial in order to keep abreast of all the ingenious technology which, once debugged（debug：to remove a concealed microphone or wiretapping device from） by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later.

Each time he packs his bags, though, he is embarrassed by having to include a dog-eared set of notes that really ought to be locked up in a safe（n.）. This is his list of logons and passwords for all the websites he uses for doing business and staying in touch with the rest of the world. At the last count, the inch-thick（这个形容词我怎么就不会用呢？） list accumulated over the past decade or so—your correspondent’s sole copy—includes access details for no fewer than 174 online services and computer networks.

Alamy
He admits to flouting the advice of security experts: his failings include using essentially the same logon and password for many similar sites, relying on easily remembered words—and, heaven forbid, writing them down on scraps of paper. So his new year’s resolution is to set up a proper software vault for the various passwords and ditch（v. to get rid of） the dog-eared list.

Your correspondent’s one consolation is that he is not alone in using easily crackable words for most of his passwords. Indeed, the majority of online users have an understandable aversion to strong, but hard-to-remember, passwords. The most popular passwords in Britain are “123” followed by “password”. At least people in America have learned to combine letters and numbers. Their most popular ones are “password1” followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it is for thieves to guess. Ironically, the opposite—the harder it is to remember, the harder it is to crack—is often far from true. That is because, not being able to remember long, jumbled（乱七八糟的） sets of alphanumeric（alpha+num+eric=文字数字的，包括文字数字的） characters interspersed with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry（various） to see.

Apart from stealing passwords from Post-it notes and the like, intruders basically use one of two hacks to gain access to other people’s computers or networks. If time and money is no problem, they can use brute-force methods that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.

A more popular, though less effective, way （插入语，以及怎么跟way断开和连接的用法——长见识了。）is to use commercial software tools such as “L0phtCrack” or “John the Ripper” that can be found on the internet. These use dictionaries, lists of popular passwords and rainbow tables (lookup tools that turn long numbers computed from alphanumeric characters back into their original plain text) to recover passwords.

According to Bruce Schneier, an independent security expert, today’s password crackers “can test tens—even hundreds—of millions of passwords per second.” In short, the vast majority of passwords used in the real world can be guessed in minutes. And do not think you are being smart by replacing the letters “l” or “i” in a password with the number “1”; or the letter “s” with the number “5” or the symbol “$”. Cracking programs check all such alternatives, and more, as a matter of course.

What should you do to protect yourself? Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

The strength of a password depends on its length, complexity and randomness. A good length is at least eight symbols. The complexity depends on the character set. Using numbers alone limits the choice to just ten symbols. Add upper- and lower-case letters and the complexity rises to 62. Use all the symbols on a standard ASCII keyboard and you have 95 to choose from.

The third component, randomness, is measured by a concept borrowed from thermodynamics热力学—the notion of entropy （平均信息量）(the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary（二进制） digit). That is because it can come down randomly in one of two equally possible binary states.

At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers represent the entropy (or randomness) of the encryption used. A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 attempts to crack it by brute force—in short, 18 billion billion attempts. A 64-bit password was finally cracked in 2002 using brute-force methods. It took a network of volunteers nearly five years to do so.

The National Institute of Standards and Technology, the American government’s standards-measuring laboratory in Gaithersburg, Maryland, recommends 80-bit passwords for state secrets and the like. Such security can be achieved using passwords with 12 symbols, drawn from the full set of 95 symbols on the standard American keyboard. For ordinary purposes, that would seem overkill. A 52-bit password based on eight symbols selected from the standard keyboard is generally adequate.

How to select the eight? Best to let a computer program generate them randomly for you. Unfortunately, the result will be something like 6sDt%k&3 that probably needs to be written down. One answer, only slightly less rigorous, is to use a mnemonic（记忆的） constructed from the first letters (plus contractions) of an easily remembered phrase like “Murder Considered as One of the Fine Arts” (MCa1otFA) or “To be or not to be: that is the question” (2Bo-2b:?).

Given a robust 52-bit password, you can then use a password manager to take care of the dozens of easily guessable ones used to access various web services. There are a number of perfectly adequate products for doing this. In an early attempt to fulfil his new year’s pledge（fulfill pledge）, your correspondent has been experimenting with LastPass, a free password manager that works as an add-on to the Firefox web browser for Windows, Linux or Macintosh. Versions also exist for Internet Explorer on Windows and Safari on the Mac.

Once installed and given a strong password of its own, plus an e-mail address, LastPass encrypts all the logons and passwords stored on your computer. So, be warned: forget your master password and you could be in trouble—especially if you have let the program delete (as it urges you to let it do) all the vulnerable logons and passwords on your own computer.

Thereafter, to visit various web services, all you have to do is log into LastPass and click the website you wish to check out. The tool then automatically logs you on securely to the selected site. It will even complete all the forms needed to buy goods online if you have stored your home address, telephone number and credit-card details in the vault as well.

Your correspondent looks forward to using the service while travelling around Japan over the next month or so. To be on the safe side, however, his dog-eared list of passwords will still go with him.

Comments：
It is very practical articles not only for correspondents but all of us who take computer as a close friend. The structure of this article is clear, which the end of it echoes the beginning in a humorous way. It begins by the narrative situation of correspondents. The fact is that a lot of people use the same passwords in different accounts of different website. According to the idea, we set the passwords should consider length(a good one is at least eight symbols), complexity(using the numbers and letters) and randomness(the most complicated and useful part. ).
The important information I got here is trying not to use the same passwords, the simple one. And the detail about post-it, to be honestly, I can’t live without it. Or, I would not get logon any of my accounts.
This kind of articles should not be difficult except the vocabularies.

我们是休眠中的火山，是冬眠的眼镜蛇，或者说，是一颗定时炸弹，等待自己的最好时机。也许这个最好的时机还没有到来，所以只好继续等待着。在此之前，万万不可把自己看轻了。
——王小波

木虫虫
UID：2694986

Rank: 3 Rank: 3

声望: 6
寄托币: 352
注册时间: 2009-9-15
精华: 0
帖子: 1

6楼

发表于 2009-12-26 13:44:10 |只看该作者

本帖最后由木虫虫于 2009-12-27 00:15 编辑

Words and expression:

stay sane 保持理智
keep abreast of 保持与……并列
wind up 结束
acquisitive adj. 渴望得到的
dog-eared 卷角的（纸制品）
inch-thick 一英寸厚
no fewer than 至少
heaven forbid 但愿不会如此
ditch 摆脱= to get rid of
Ironically 具有讽刺意味的是
jumbled 乱七八糟的
alphanumeric 字母和数字的
interspersed with 用……点缀着
resort to writing 采取
all and sundry 所有的
as a matter of course理所当然的
binary digit 二进制
brute force 蛮力
robust 稳健强劲
new year’s pledge 誓言
To be on the safe side

LastPass is an online password manager and form filler that makes web browsing easier and more secure.

He admits to flouting藐视 the advice（注意是单数） of security experts

staying in touch with the rest of the world

have an understandable aversion（反感）

The third component, randomness, is measured by a concept borrowed from thermodynamics热力学—the notion of entropy熵 (the tendency for things to become disordered).

Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.

comment

Frankly, when I read over this article, I come to wonder, whether this is an advertisement for LastPass?

Apart from my supposition of it, I can draw inspiration from the introduction about the theory of passwords protection. The article begins with a story of “your correspondent”, and in the end it has been mentioned again in a funny way. To explain randomness, the author even fetches the conception of entropy. Nowadays, we are living in a world with high-tech and computerizable work, in which we always have codes and passwords surrounding us to protect our private information. Therefore, this article is meaningful to all of us. Let’s modify our passwords now!

pluka
UID：2721764

特级会员

Rank: 6 Rank: 6

声望: 216
寄托币: 2130
注册时间: 2009-11-4
精华: 0
帖子: 16

7楼

发表于 2009-12-26 13:59:53 |只看该作者

本帖最后由 pluka 于 2009-12-26 23:15 编辑

NOTE
the dog-eared卷角的（书等） list.
If time and money is no problem, they can use brute-force methods that simply try every combination of letters, numbers and symbols until a match is found. That takes a lot of patience and computing power, and tends to be the sort of thing only intelligence agencies indulge in.
upper- and lower-case letters：大小写字母encryption：编密码
brute-force methods：暴力手段
a mnemonic:记忆的，记忆术
To be on the safe side, however, his dog-eared list of passwords will still go with him.

COMMENT
This article impress me with its subtle humor when mentioned the most common way Europeans and Americans set their passwords(sth like '123abc' and 'abc123' really arouses my echoes and smile~). I myself too, stick to the same set for most of the websites, and commit the sin that will surely be whiped by many safty experts: I store all my passwords, usernames and corresponding websites(even important ones as my credit card account) in a text file on my computer. One hacker attack, and I lose my private online sovereignty……

Well informed of the dangers as I have, seldom have I worried those potential yet remote risks. After all, I'm only one in obscurity among numerous anonymous net-users. The large quantity obscures personal features and any possibly attention-drawning characteristics, leaving us feel safe with the belief that hackers won't be interested in me and won't even notice me~

This belief, in my eyes, is in most cases both true and necessary. We are living with constant risks of losing privacy: cellphone records, public camera, internet supervisor software, or even endless gossips. As most of the invasions do only slightly or untangible harm to our nomal life, I assume it's all right to be more tolerant. Those who that too serious about it may possibly suffer from a even higher risk of hypertension. Learning to live with compromised privacy, in fact, is a staple in modern society.

已有 1 人评分	声望	收起理由
番茄斗斗	+ 1	来给PLUKA加个分～～你的COMMENT看着就是舒 ...

总评分: 声望 + 1 查看全部投币

横行不霸道~

windandrain2004
UID：2597690

Rank: 3 Rank: 3

声望: 57
寄托币: 441
注册时间: 2009-2-2
精华: 0
帖子: 6

8楼

发表于 2009-12-26 14:01:31 |只看该作者

占楼

jinziqi
UID：2387034

Rank: 5 Rank: 5

声望: 139
寄托币: 3361
注册时间: 2007-8-21
精华: 0
帖子: 15

9楼

发表于 2009-12-26 14:24:23 |只看该作者

本帖最后由 jinziqi 于 2009-12-26 14:34 编辑

My comment

Happily, there is finally a topic that I am interested in although it is not my major. I am concerned with the topic. Generally, lots of people often use their names combined with their birthdays in different forms which is easy to remember. Only a small number of people will think up a series of strange letters and to remember them as a password. Even they do so, but they will use it for many sites, such as E-mails and QQ number, which is not safe because if one is lost, the others is in the same condition. From the author's opinion, we should set up a password at least 8 symbols or even 12. It can be the first letter of every word in a sentence. But I don't understand what is LastPass. Well, security on the Internet is indeed a hot topic whic need to be considered more, especially in China.

笔记稍后补上~

番茄斗斗
UID：2720914

Rank: 4

声望: 35
寄托币: 950
注册时间: 2009-11-3
精华: 0
帖子: 3

10楼

发表于 2009-12-26 14:49:05 |只看该作者

本帖最后由番茄斗斗于 2009-12-26 14:51 编辑

好词-结构-难句-生词-表达

Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
How to stay sane as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses thePacific to Japan for a month or so. He repeats the trip during thesummer. He considers it crucial in order to keep abreast of（跟上（某事物的发展）） all theingenious technology which, once debugged by the world’s mostacquisitive consumers, will wind up in American and European shops ayear or two later.

Each time he packs his bags, though, he is embarrassed by having toinclude a dog-eared（翻旧了的） set of notes that really ought to be locked up in asafe. This is his list of logons and passwords for all the websites heuses for doing business and staying in touch with the rest of theworld. At the last count（根据有关的最新消息）, the inch-thick list accumulated over the pastdecade or so—your correspondent’s sole copy—includes access details forno fewer than 174 online services and computer networks.

Alamy
He admits to flouting（蔑视） the advice of security experts: his failingsinclude using essentially the same logon and password for many similarsites, relying on easily remembered words—and, heaven forbid, writingthem down on scraps of paper. So his new year’s resolution is to set upa proper software vault for the various passwords and ditch thedog-eared list.

Your correspondent’s one consolation is that he is not alone in usingeasily crackable words for most of his passwords. Indeed, the majorityof online users have an understandable aversion to strong, buthard-to-remember, passwords. The most popular passwords in Britain are“123” followed by “password”. At least people in America have learnedto combine letters and numbers. Their most popular ones are “password1”followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it isfor thieves to guess. Ironically, the opposite—the harder it is toremember, the harder it is to crack—is often far from true. That isbecause, not being able to remember long, jumbled sets of alphanumeric（含有字母和数字的）characters interspersed with symbols, people resort to writing themdown on Post-it notes left lying around the office or home for all andsundry（不同的） to see.

Apart from stealing passwords from Post-it notes and the like,intruders basically use one of two hacks to gain access to otherpeople’s computers or networks. If time and money is no problem, theycan use brute-force methods that simply try every combination ofletters, numbers and symbols until a match is found. That takes a lotof patience and computing power, and tends to be the sort of thing onlyintelligence agencies indulge in.

A more popular, though less effective, way is to use commercialsoftware tools such as “L0phtCrack” or “John the Ripper” that can befound on the internet. These use dictionaries, lists of popularpasswords and rainbow tables（彩虹表：是一个庞大的、针对各种可能的字母组合预先计算好的哈希值的集合） (lookup tools that turn long numberscomputed from alphanumeric characters back into their original plaintext) to recover passwords.

According to Bruce Schneier, an independent security expert, today’spassword crackers “can test tens—even hundreds—of millions of passwordsper second.” In short, the vast majority of passwords used in the realworld can be guessed in minutes. And do not think you are being smartby replacing the letters “l” or “i” in a password with the number “1”;or the letter “s” with the number “5” or the symbol “$”. Crackingprograms check all such alternatives, and more, as a matter of course.

What should you do to protect yourself? Choose passwords that arestrong enough to make cracking them too time consuming for thieves tobother.

The strength of a password depends on its length, complexity andrandomness. A good length is at least eight symbols. The complexitydepends on the character set. Using numbers alone limits the choice tojust ten symbols. Add upper- and lower-case letters and the complexityrises to 62. Use all the symbols on a standard ASCII keyboard and youhave 95 to choose from.

The third component, randomness, is measured by a concept borrowed fromthermodynamics—the notion of entropy (the tendency for things to becomedisordered). In information theory, a tossed coin has an entropy of one“bit” (binary digit). That is because it can come down randomly in oneof two equally possible binary states.

At the other extreme, when you set the encryption of a Wi-Fi link, youare usually given the choice of 64-bit or even 128-bit security. Thosebit-numbers represent the entropy (or randomness) of the encryptionused. A password with 64 bits of entropy is as strong as a string ofdata comprising 64 randomly selected binary digits（二进制数字）. Put another way, a64-bit password would require 2 raised to the power of 64 attempts tocrack it by brute force—in short, 18 billion billion attempts. A 64-bitpassword was finally cracked in 2002 using brute-force methods. It tooka network of volunteers nearly five years to do so.

The National Institute of Standards and Technology, the Americangovernment’s standards-measuring laboratory in Gaithersburg, Maryland,recommends 80-bit passwords for state secrets and the like. Suchsecurity can be achieved using passwords with 12 symbols, drawn fromthe full set of 95 symbols on the standard American keyboard. Forordinary purposes, that would seem overkill（小题大做）. A 52-bit password based oneight symbols selected from the standard keyboard is generally adequate.

How to select the eight? Best to let a computer program generate themrandomly for you. Unfortunately, the result will be something like6sDt%k&3 that probably needs to be written down. One answer, onlyslightly less rigorous（谨慎的）, is to use a mnemonic constructed from the firstletters (plus contractions) of an easily remembered phrase like “MurderConsidered as One of the Fine Arts” (MCa1otFA) or “To be or not to be:that is the question” (2Bo-2b:?).

Given a robust 52-bit password, you can then use a password manager totake care of the dozens of easily guessable ones used to access variousweb services. There are a number of perfectly adequate products fordoing this. In an early attempt to fulfil his new year’s pledge, yourcorrespondent has been experimenting with LastPass,a free password manager that works as an add-on to the Firefox webbrowser for Windows, Linux or Macintosh. Versions also exist forInternet Explorer on Windows and Safari on the Mac.

Once installed and given a strong password of its own, plus an e-mailaddress, LastPass encrypts all the logons and passwords stored on yourcomputer. So, be warned: forget your master password and you could bein trouble—especially if you have let the program delete (as it urgesyou to let it do) all the vulnerable logons and passwords on your owncomputer.

Thereafter, to visit various web services, all you have to do is loginto LastPass and click the website you wish to check out. The toolthen automatically logs you on securely to the selected site. It willeven complete all the forms needed to buy goods online if you havestored your home address, telephone number and credit-card details inthe vault as well.

Your correspondent looks forward to using the service while travellingaround Japan over the next month or so. To be on the safe side,however, his dog-eared list of passwords will still go with him.

---------
SUM-UP:
Today, netizen are using comparatively-simplified password online.Jumble sets of alphanumeric or confusing alternation are no longer safeenough, for they can be easiy cracked by minutes. As a result, security online involves high-tech. Length, complexity andrandomness ,as determinations of the strengh of a password, is enpowered by binary bits, computer programe generation. In addition,the giving password can be guarded by password manager, while you are surfing the net.

COMMENT：
With the advent of high-tech, business has vastly shifted to onlinemarket. This enables the possibility of increasing crimes ,which mainly focus on stealing the online information, and what's more, may squeeze the wealth in your bank account.

This is what high-tech brought us, a promising convience as well as high insecurity. Sticking to the old way,like what the correspondentdid in the given article, to avoid its weakness is none the less unsound. On the contrary, an advanced way is appreciated,as there's always a solution given after the burst of a mess.

We have heard boundless complaints about information age, including the insecurity of it. Contrary to the public perception, insecurity shares no difference in before and after information age, and what allurs us into the misunderstanding is the convenience brought by information age.Online business for example, as tranction increased, so is the exposureto risk. Meanwhile, we have to admit the chance of risk is comparatively shrinking as well.

番茄斗斗
UID：2720914

Rank: 4

声望: 35
寄托币: 950
注册时间: 2009-11-3
精华: 0
帖子: 3

11楼

发表于 2009-12-26 14:49:38 |只看该作者

好词-结构-难句-生词-表达

Passwords aplenty
Dec 18th 2009 | LOS ANGELES
From Economist.com
How to stay sane as well as safe while surfing the web
AT THIS time of the year, your correspondent crosses thePacific to Japan for a month or so. He repeats the trip during thesummer. He considers it crucial in order to keep abreast of（跟上（某事物的发展）） all theingenious technology which, once debugged by the world’s mostacquisitive consumers, will wind up in American and European shops ayear or two later.

Each time he packs his bags, though, he is embarrassed by having toinclude a dog-eared（翻旧了的） set of notes that really ought to be locked up in asafe. This is his list of logons and passwords for all the websites heuses for doing business and staying in touch with the rest of theworld. At the last count（根据有关的最新消息）, the inch-thick list accumulated over the pastdecade or so—your correspondent’s sole copy—includes access details forno fewer than 174 online services and computer networks.

Alamy
He admits to flouting（蔑视） the advice of security experts: his failingsinclude using essentially the same logon and password for many similarsites, relying on easily remembered words—and, heaven forbid, writingthem down on scraps of paper. So his new year’s resolution is to set upa proper software vault for the various passwords and ditch thedog-eared list.

Your correspondent’s one consolation is that he is not alone in usingeasily crackable words for most of his passwords. Indeed, the majorityof online users have an understandable aversion to strong, buthard-to-remember, passwords. The most popular passwords in Britain are“123” followed by “password”. At least people in America have learnedto combine letters and numbers. Their most popular ones are “password1”followed by “abc123”.

Unfortunately, the easier a password is to remember, the easier it isfor thieves to guess. Ironically, the opposite—the harder it is toremember, the harder it is to crack—is often far from true. That isbecause, not being able to remember long, jumbled sets of alphanumeric（含有字母和数字的）characters interspersed with symbols, people resort to writing themdown on Post-it notes left lying around the office or home for all andsundry（不同的） to see.

Apart from stealing passwords from Post-it notes and the like,intruders basically use one of two hacks to gain access to otherpeople’s computers or networks. If time and money is no problem, theycan use brute-force methods that simply try every combination ofletters, numbers and symbols until a match is found. That takes a lotof patience and computing power, and tends to be the sort of thing onlyintelligence agencies indulge in.

A more popular, though less effective, way is to use commercialsoftware tools such as “L0phtCrack” or “John the Ripper” that can befound on the internet. These use dictionaries, lists of popularpasswords and rainbow tables（彩虹表：是一个庞大的、针对各种可能的字母组合预先计算好的哈希值的集合） (lookup tools that turn long numberscomputed from alphanumeric characters back into their original plaintext) to recover passwords.

According to Bruce Schneier, an independent security expert, today’spassword crackers “can test tens—even hundreds—of millions of passwordsper second.” In short, the vast majority of passwords used in the realworld can be guessed in minutes. And do not think you are being smartby replacing the letters “l” or “i” in a password with the number “1”;or the letter “s” with the number “5” or the symbol “$”. Crackingprograms check all such alternatives, and more, as a matter of course.

What should you do to protect yourself? Choose passwords that arestrong enough to make cracking them too time consuming for thieves tobother.

The strength of a password depends on its length, complexity andrandomness. A good length is at least eight symbols. The complexitydepends on the character set. Using numbers alone limits the choice tojust ten symbols. Add upper- and lower-case letters and the complexityrises to 62. Use all the symbols on a standard ASCII keyboard and youhave 95 to choose from.

The third component, randomness, is measured by a concept borrowed fromthermodynamics—the notion of entropy (the tendency for things to becomedisordered). In information theory, a tossed coin has an entropy of one“bit” (binary digit). That is because it can come down randomly in oneof two equally possible binary states.

At the other extreme, when you set the encryption of a Wi-Fi link, youare usually given the choice of 64-bit or even 128-bit security. Thosebit-numbers represent the entropy (or randomness) of the encryptionused. A password with 64 bits of entropy is as strong as a string ofdata comprising 64 randomly selected binary digits（二进制数字）. Put another way, a64-bit password would require 2 raised to the power of 64 attempts tocrack it by brute force—in short, 18 billion billion attempts. A 64-bitpassword was finally cracked in 2002 using brute-force methods. It tooka network of volunteers nearly five years to do so.

The National Institute of Standards and Technology, the Americangovernment’s standards-measuring laboratory in Gaithersburg, Maryland,recommends 80-bit passwords for state secrets and the like. Suchsecurity can be achieved using passwords with 12 symbols, drawn fromthe full set of 95 symbols on the standard American keyboard. Forordinary purposes, that would seem overkill（小题大做）. A 52-bit password based oneight symbols selected from the standard keyboard is generally adequate.

How to select the eight? Best to let a computer program generate themrandomly for you. Unfortunately, the result will be something like6sDt%k&3 that probably needs to be written down. One answer, onlyslightly less rigorous（谨慎的）, is to use a mnemonic constructed from the firstletters (plus contractions) of an easily remembered phrase like “MurderConsidered as One of the Fine Arts” (MCa1otFA) or “To be or not to be:that is the question” (2Bo-2b:?).

Given a robust 52-bit password, you can then use a password manager totake care of the dozens of easily guessable ones used to access variousweb services. There are a number of perfectly adequate products fordoing this. In an early attempt to fulfil his new year’s pledge, yourcorrespondent has been experimenting with LastPass,a free password manager that works as an add-on to the Firefox webbrowser for Windows, Linux or Macintosh. Versions also exist forInternet Explorer on Windows and Safari on the Mac.

Once installed and given a strong password of its own, plus an e-mailaddress, LastPass encrypts all the logons and passwords stored on yourcomputer. So, be warned: forget your master password and you could bein trouble—especially if you have let the program delete (as it urgesyou to let it do) all the vulnerable logons and passwords on your owncomputer.

Thereafter, to visit various web services, all you have to do is loginto LastPass and click the website you wish to check out. The toolthen automatically logs you on securely to the selected site. It willeven complete all the forms needed to buy goods online if you havestored your home address, telephone number and credit-card details inthe vault as well.

Your correspondent looks forward to using the service while travellingaround Japan over the next month or so. To be on the safe side,however, his dog-eared list of passwords will still go with him.

---------
SUM-UP:
Today, netizen are using comparatively-simplified password online. Jumble sets of alphanumeric or confusing alternation are no longer safe enough, for they can be easiy cracked by minutes. As a result, security online involves high-tech. Length, complexity andrandomness ,as determinations of the strengh of a password, is enpowered by binary bits, computer programe generation. In addition, the giving password can be guarded by password manager, while you are surfing the net.

COMMENT：
With the advent of high-tech, business has vastly shifted to online market. This enables the possibility of increasing crimes ,which mainly focus on stealing the online information, and what's more, may squeeze the wealth in your bank account.

This is what high-tech brought us, a promising convience as well as high insecurity. Sticking to the old way,like what the correspondent did in the given article, to avoid its weakness is none the less unsound. On the contrary, an advanced way is appreciated,as there's always a solution given after the burst of a mess.

We have heard boundless complaints about information age, including the insecurity of it. Contrary to the public perception, insecurity shares no difference in before and after information age, and what allurs us to the misunderstanding is the convenience brought by information age. Online business for example, as tranction increased, so is the exposure to risk. Meanwhile, we have to admit the chance of risk is comparatively shrinking as well.

fancyww
UID：2583671

Rank: 5 Rank: 5

声望: 75
寄托币: 1342
注册时间: 2008-12-18
精华: 0
帖子: 15

12楼

发表于 2009-12-26 18:05:02 |只看该作者

本帖最后由 fancyww 于 2009-12-26 18:19 编辑

My Comment

After reading of the article, the novel of Dan Brown--Digital Fortress immediately came to my mind. In the book, the United States' National Security Agency owns a code-breaking machine--TRANSLTR. It is a very powerful machines that can basically compute and break any code and password. So the American government can have the access to almost all the encoded information. The novel raises the issue of government surveillance of electronically stored information on the private lives of citizens, and the possible civil liberties and ethical implications using such technology.
We may feel violated for government's surveillance on our private information, but at least they will not interfere with and harm with justified right and interests. However, if such technology was used illegally by some intruders like the article suggests, it could bring really serious consequences.

Well,fortunately, the present code cracking softwares like "L0phtCrack" or "John the Ripper" seems not so powerful as the TRANSLTR. By the way, I think the name " John the Ripper", which is obviously from '"Jack the Ripper", is quite vivid but also chilly.

Then the article gives us some bad examples and advice on managing your password safety. To me I often use two set of password, a simple one and a relatively complicated one. On one hand, the simple password is used in some less important situations such as different BBS. Nowadays, we have to register and login in order to read the information we need on some BBS. But some of them I do not go often, and I used to forget the registered name and password. So now I use the same name and login password. It really saves me a lot of trouble. On the other hand, the complicated password contents numbers, letters, and symbols. This one is often used as email, QQ, MSN, and on-line bank passwords. In this way, I avoid to keep different passwords in a notebook, which, as the article says, is also an unsafe way.

The article mentions some softwares to manage our passwords. But there are still potential dangers: if your master password was leaked or forgotten, you would get into huge trouble. In my view, I would rather not use such softwares, at least for now.

In conclusion, the article indeed reminds us the importance of password safety, and gives us some good points about setting our password. The modern technology provide us with some sort of convenience; however, the same level, or even more serious troubles are coming along with it.

tequilawine
UID：2702008

Rank: 5 Rank: 5

声望: 66
寄托币: 1811
注册时间: 2009-9-22
精华: 0
帖子: 11

13楼

发表于 2009-12-26 18:35:12 |只看该作者

本帖最后由 tequilawine 于 2009-12-27 15:30 编辑

Correspondent
keep abreast of 保持与。。。并列了解。。。的最新情况
debug排除故障
flout藐视轻视
heaven forbid 但愿不会如此！千万不要这样！ Scrap paper便条纸
Consolation
crackable
have an aversion to讨厌不喜欢 jumbled混乱的乱七八糟的
interspersed with用什么点缀着
resort to诉诸于采取
all and sundry adv 全部 Apart from脱离，除此之外
the sort of那种
indulge in任凭自己沉溺于。。。
as a matter of course自然，通常 upper- and lower-case大小字母写盘 and the like等等

1 He considers it crucial in order to keep abreast of all the ingenious technology which, once debugged by the world’s most acquisitive consumers, will wind up in American and European shops a year or two later. 怎么翻译呀？
2 At the other extreme, when you set the encryption of a Wi-Fi link, you are usually given the choice of 64-bit or even 128-bit security. Those bit-numbers represent the entropy (or randomness) of the encryption used. A password with 64 bits of entropy is as strong as a string of data comprising 64 randomly selected binary digits. Put another way, a 64-bit password would require 2 raised to the power of 64 attempts to crack it by brute force—in short, 18 billion billion attempts. A 64-bit password was finally cracked in 2002 using brute-force methods. It took a network of volunteers nearly five years to do so. 没有看明白
3 That is because, not being able to remember long, jumbled sets of alphanumeric characters interspersed with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry to see.

As we know we can never be safe, quoted from the passage, if we just use the very essential same for login and password. Ironically, most of us, even worldwide, prefer to use this sort of crackable thing.
Why does this happen? Maybe we can explain it from two points.
First, populace has a strong aversion to strong, but hard-to-remember, passwords. While can the opposite side work well? This is far from what you think. That is because, not being able to remember long, jumbled sets of alphanumeric characters interspersed with symbols, people resort to writing them down on Post-it notes left lying around the office or home for all and sundry to see.
So what is the way to protect yourself on computer?
The answer is obvious, as we all know, choosing the passwords that are strong enough to make cracking them too time consuming for thieves to bother. To strengthen it , we can do from three ways, its length, complexity and randomness. Apart from using the upper- and lower-case, we mainly focus on the third component, randomness. It is a notion of entropy, used in thermodynamics, which seems it will multiple your number and make it more complicated. And as technology advanced, we also can find some tools on line, but to be caution, you need to remember how to fix it once you delete the tool.

dingyi0311
UID：2627919

Rank: 3 Rank: 3

声望: 2
寄托币: 732
注册时间: 2009-4-11
精华: 0
帖子: 0

14楼

发表于 2009-12-26 21:38:41 |只看该作者

本帖最后由 dingyi0311 于 2009-12-26 21:40 编辑

Sentences
The third component, randomness, is measured by a concept borrowed from thermodynamics—the notion of entropy (the tendency for things to become disordered). In information theory, a tossed coin has an entropy of one “bit” (binary digit 二进制数据). That is because it can come down randomly in one of two equally possible binary states.
Choose passwords that are strong enough to make cracking them too time consuming for thieves to bother.
Ironically, the opposite—the harder it is to remember, the harder it is to crack破解—is often far from true
Cracking programs check all such alternatives, and more, as a matter of course. 并且习以为常。

Words
acquisitive贪婪的可获得的
Debugged调试
vault 保险库
master password主密码
my comments
dog-eared 用旧的，卷角的
mnemonic 记忆法则

This report tell us the side effect brought by the computer technology, which can be used as a good example to illustrate the inconveniency technology bring to us.

The argument can goes like this: even though nowadays advanced technology have brought us vast convenience to our daily live and save our time, We now can send our letters to our friends by writing E-mails via a click of mouse, we can ask for fast food through online fast food restaurants, also we can even receive education in front of the screen. Yet this technology cause much trouble to us as well. As the webs have to confirm our identification, it needs unique username and password on almost every website so as to provide us with service. Those passwords are easy to be forgotten as it too complex. And the opposite- easy to remember- is means simple be crack by hackers. The result is that we have a pile of notebook to write down our passwords and username of hundreds of website and it is disastrous if we lose this note.

There are also something I have learnt from this passage. It was explained to us the relationship between the safety of the password and the length and symbols was used. At least three ways to crack the password are also illustrate to us. And most practically, it tell us how to set a password
to encrypt software and make it relatively more save. The author also introduce a piece of software
called LastPass to manage our passwords. I really appreciate it since I’m also being troubled with too many different passwords.

走别人的路，让别人无路可走

qisaiman
UID：2703629

Rank: 4

声望: 34
寄托币: 901
注册时间: 2009-9-26
精华: 0
帖子: 0

15楼

发表于 2009-12-26 22:11:02 |只看该作者

本帖最后由 qisaiman 于 2009-12-27 19:41 编辑

Aplenty : being abundance
Correspondent 通讯记者
Abreast 并列
Wind up
Dog-eared
Logons and passwords
Flout 嘲笑
Vault 地窖
Consolation 安慰
Sundry 各种各样的
Intruder
Rainbow tables
As a matter of course理所当然
Overkill 矫枉过正
Mnemonic 记忆的

To surf the web, lots of logons and passwords need remembering by people. Due to one can not remember too many different sets of logons and pws, simple passwords are used mostly, which can be easily cracked, leading to disclosure of personal information and even financial loss. Hence strong pws are required to keep the thieves away.
The strength of pw depends on three factors: length, complexity, and randomness. The randomness is measured by a notion of entropy. According to the security experts, a 12-bit pw is necessary in daily life. And the best method to obtain a strong pw is to use a computer-generated one. Again, the how-to-remember question is here. The article comes to its purpose--- in my view, introducing a pw management software, by which the logons and pws is encrypted. Then all you need is a adequate strong pw for the software and a email just in case.