Guild Wars Forums - GW Guru

Go Back   Guild Wars Forums - GW Guru > Forest of True Sight > Technician's Corner


Thread Tools Display Modes
Old Oct 14, 2010, 08:08 PM // 20:08   #1
Krytan Explorer
Chrisworld's Avatar
Join Date: Aug 2010
Guild: Gameamp Guides [AMP]
Profession: W/

Disable Ads
Default Feasible, real-world passwords

Me of all people should know better but I want opinions from others here just to strengthen my thoughts here..

Does anyone here think that this webpage generates perfect brute-force-proof passwords..theoretically?

I'm not necessarily looking for a GW password generator here, because a lot of things use passwords besides GW...

More importantly ... would these also be good for use with GW or do the hackers know how to bust this stuff too?

The page always sends a random string of three different text, random ascii and hexadecimal stuff.

What are your thoughts?
Chrisworld is offline   Reply With Quote
Old Oct 14, 2010, 09:26 PM // 21:26   #2
Forge Runner
Icy The Mage's Avatar
Join Date: Apr 2008
Location: Canada
Profession: E/

Any time anything is "pseudo-random" I raise an eyebrow as to how complicated their algorithms are. For all intents and purposes, using those passwords are completely hackproof due to the fact that the hackers would know neither the algorithm used to create the password, what password field you took yours from nor would they know the string length.

However, they could possibly hack or bribe(?) the GRC site admin into getting the algorithm but still, that's a completely huge stretch, ...

Alternatively, if you want true random:

They don't use algorithms to create pseudo-random numbers but rather the aforementioned electrical / mechanical noise found in chaotic physical systems.

tl;dr: Unless you're being stalked by the Feds, GRC is fine - if you're paranoid about life itself, use

Last edited by Icy The Mage; Oct 14, 2010 at 09:30 PM // 21:30.. Reason: misinformation
Icy The Mage is offline   Reply With Quote
Old Oct 15, 2010, 02:05 AM // 02:05   #3
Grotto Attendant
Join Date: Apr 2007

1. The randomness of your password has no correlation to its resistance to brute forcing. All that matters against brute force is the size of the search space, which is generally going to be alphabet_size^password_length.

2. Really dumb passwords that are generated early by simple/obvious search algorithms are an exception, but a trivial one.

3. Randomness increases resistance against dictionary attacks, including attacks that try ciphers of the dictionary terms. But you don't need true randomness to avoid that - just nonsense.

4. Icy is correct that true random numbers derived from ambient physical data are superior to pseudo-random numbers for cryptography purpose, but...

5. If you're seriously anticipating an attack from someone where the difference would matter, there's probably a lot of more fundamental security steps you could take that would matter more - like changing to Linux and buying a gun.
Chthon is offline   Reply With Quote
Old Oct 15, 2010, 03:29 PM // 15:29   #4
Hell's Protector
Quaker's Avatar
Join Date: Aug 2005
Location: Canada
Guild: Brothers Disgruntled

"Brute force" methods rely mostly on trying every possible combo of letters and numbers, so it shouldn't matter what method was used to generate the password in the first place. Any possible 64 character password generated by that website could also be generated by other means, including monkeys randomly hitting keys.
The overall security of a password relies on more than just it's length and randomness. It also relies on the method used to input a password, and the relative value of time vs reward, especially when it comes to brute-force methods. For example a system that becomes inactive after X number of incorrect entries can greatly affect brute-force methods.
For GW, most of the account hacking involves key loggers, fake websites, or other methods of capturing the actual password and/or, in some cases, simply guessing the password when someone uses simple passwords like their girlfriends name or whatever. Trying to brute force a 64 character password for GW would be impractical given the time involved and possible rewards. Even a 6 or 8 character (random-ish) password should be enough for GW.
Quaker is offline   Reply With Quote

Share This Forum!  

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT. The time now is 04:04 AM // 04:04.

Powered by: vBulletin
Copyright ©2000 - 2016, Jelsoft Enterprises Ltd.
jQuery(document).ready(checkAds()); function checkAds(){if (document.getElementById('adsense')!=undefined){document.write("_gaq.push(['_trackEvent', 'Adblock', 'Unblocked', 'false',,true]);");}else{document.write("