Sukhbir Singh

Your passwords are the keys you use to access personal information – stored in your computer or your online accounts. It is not easy to break a password – there is no direct way to do this, however certain other methods do exist – if your password is weak (read on to find out more) – it can be recovered in a couple of minutes using an ordinary computer.Here are a few tips on choosing a strong password. As we proceed, I will explain clearly the difference between a strong password and a weak one. Or rather, how to classify them.

How to choose a strong password?:

A strong password is one which has a random string of characters. It should meet the following criteria.

1. Length – The rule of the thumb is – each character you add to your password increases the protection that it provides by many times over. An ideal password is 8 or more characters: 14 characters or more is recommended.

You can also use a ‘pass phrase’. Since many systems support the use of space bar in passwords (a space bar is equal to a *, it is counted as part of the password), you can create a phrase made of many words. For example:

Mypasswordcanneverbecompromised.

Such a password is easy to remember and very hard to recover.

2. Combine letters, numbers and symbols – The more variety of characters you have, the more secure is the password. Instead of your password being ladyluck, change it to l@dYlucK123. Use the entire keyboard, your password will be much stronger if you use all the symbols.

– A strong and easy to remember password in 4 steps –

1. Passphrase – Think of a sentence you can remember and if the password system accepts [spacebar] as a character – your password can be made very strong and very easy to remember.

2. Add complexity – Mix uppercase and lowercase letters and numbers. Letter swapping and misspellings are recommended. For example, if your password says, ‘My name is James Bond’, it can be also said as, ‘My nAMe iz J@me$ B0|\|D’ – which is a much better password than the former.

3. Add special characters – Like in the previous example, substituting @ for a, $ for S, increases the strength of a password.

4. Change your password regularly if it is simple. Doing so is a good practise.

Weak Passwords (Password strategies to avoid)

1. Avoid repeated characters – such as 123456, asdfg or adjacent letters on your keyboard.

2. Don’t use dictionary words (ever) – Using sophisticated tools (explained later) passwords that are based on words from the dictionary can be guessed/ broken in almost no time. This includes dictionary words spelled backwards, mis-spellings and substitutions.

3. Use more than one password everywhere - If you have multiple accounts, using a common password is not recommended. It is critical to use different passwords for different systems.

4. Don’t give out your passwords over e-mail or based on an e-mail request - Any e-mail that requests your password or requests you to go to a website to verify your password is almost certainly a fraud. Such a method is called as ‘phishing’
(read fishing). Read more here.

5. Do not type passwords on computers that you do not control – Computers such as those in Internet cafes, computer labs or airport lounges etc. are unsafe for any personal use other than anonymous Internet browsing. Do not use the computers at such places to check emails, bank balances, business mail or any other account that requires a username and password. Chances are – keyloggers are installed and your password will be recorded.

6. Do not use other information easily that can be easily guessed. This includes pet names, license plate numbers, telephone numbers, identification numbers, birthdate etc. If you have multiple passwords, you can store them in a ‘password safe’. Some safes worth checking out are:

(KeePass is highly recommended)

KeePass – keepass.sourceforge.net {Open source password safe}
Password Safe – passwordsafe.sourceforge.net {Same}
Norton Password Manager – Symantec {Paid}

===

How can passwords be broken?

Many password recovery tools are out there. They use a technique called a brute force attack. To understand this, let me give you an example.

I had a debate with my friend – I challenged him that I can get the password to his Microsoft Word (.doc) file. [To add a password to a Word file, go to Tools>Options>Security] He said it was impossible since it was clearly mentioned that passwords once lost can never recovered (Word says this).

Using a dictionary brute force, I got his password in 15 minutes on my Pentium 4 machine. Simple. Why? Why was I able to recover his password when Word clearly says that password can never be recovered?

His password was ‘ladyluck’. A brute force attack on the Word file started checking every possible password from a simple ‘a’ to the word ‘ladyluck’. So the password was compromised.

But had his password been something like, ‘920394290asdas23@#@#’ it would have taken years to get the password. That is why the emphasis on the length and complexity – brute force attack time is directly proportional to the length.

A network of computers (a farm as it is called) can be used for brute forcing. Such an attack, can typically recover a password that would take decades on your computer to break, in a few minutes. However, you are out of this!

Stay secure!

[Comments can also be found here]

Fonzter.com is a popular teen blog which has a huge audience in Punjab.

I was surprised when I recieved an email from one of the founders – requesting me to write for the blog. Of course! I was too happy to accept.

Check it out once!

A very happy birthday to me. I have turned 18 now.

Since it is a special day, may:

- people stop discriminating on the basis of religion and race.

- you adopt open source software. Get Linux. I don’t say don’t use Windows; but prefer using open source. After all, software is meant to be free. At least the code.

- the Manmohan Singh government wake up and stop living in dreams. Quota based on caste is as obsolete as Windows 98.

- you may finally realize that IE sucks and please don’t ask me why. I am sick of explaining to people this simple fact. I get people calling me after messing up their computers. I ask them one simple question. Do you use IE? And they say yes. I tell them to switch over to Firefox. Then they make me go nuts by asking WHY IS IE not GOOD? Damn it.

- if you do use commerical software, buy it. Don’t use cracks or keygens.

- and please don’t outcast an entire community just cause of a few people.

- wish me happy birthday!

This post is for my friend – Faraz, who called me up and asked me about this. So here it is.

Why Partition?

Let us imagine a scenario in which you only one partition (C:\) on your PC. And you have everything on it – all your Mp3s, movies and other documents.

The problems with a single partition are many – your OS can get corrupted, a virus which can’t be removed (yes!), a root-kit or some other problem which is forcing you to format your hard-disk. In such a case, you will lose your all data or you will be forced to backup folder-by-folder to another media – which is a tidy process itself.

This is where partitioning comes in. You have different partitions for everything. One for the OS, the other for the data and someother for your music collection.

In this way, you can safely reinstall your OS – and preserve your data.

How To?

The most common partitioning tool is Partition Magic by Norton, though it is paid (expensive)

I recommend an open source alternative (as usual) called GParted which is based on the Linux kernel. It is fast, easy and FREE.

Go over to http://gparted.sourceforge.net and download the ISO (30 MB, fits on a biz-CD). Burn it to a CD and then boot your PC from the GParted Live CD. It will allow you to create, move or resize your partitions.

Common filesystems :

Windows – FAT,  FAT32 and NTFS

Linux – ext2, swap

BTW, found a very good blog related to daily health problems. I suggest you go over and read it! Health Blog

I had heard about something called Virtualization: to run multiple Operating Systems simultaneously. I had nothing else to do, so decided to give this a shot.

First, as always I went over to Wikipedia and here is what I found.

I decided to try VMware, downloaded a trial version and then I was raring to go.

The host operating system was Windows XP. I installed Windows 98 SE as guest operating system and here I was! Running two Operating Systems side-by-side! It looked way too cool!

Then I installed Ubuntu. So now I am running 3 Operating Systems: at once.

The good thing about virtualization is that the guest operating systems are isolated from the host operating system. The guest OS can be used for software testing and to run software that you doubt about. (The best example: software cracks)

Screenshots:
1. Windows 98SE on Windows XP.

2. Ubuntu Linux on Windows XP.

Now even Albert Einstein is endorsing for my blog!

Here is the list of the top ten rock songs, decided by me. Individual choices may vary. They always do . . .

[ Check the comments. They are enough!]

I don’t know why but I just can’t get Stairway to Heaven and Wish You Were Here out of my head. I just can’t.

I was one of those die-hard MP3 fans, till today.

I ripped a CD using Winamp in the two formats – MP3 and OGG. Then I compared the results for clarity and sound reproduction. The sound quality option was the same in both cases. The song selected (AC/DC – You Shook Me All Night Long) was also the same.

There is no doubt. OGG is the best. MP3 failed to produce the sound clarity that was there in the original audio CD.

To those who know what this festival is about, Happy Lohri!

For those who don’t, click [here]

After you have read about it, read the first line again!