Monthly Archives: October 2012

Password Cracking and Password Hashes

With all the noise about password security going around, there is bound to be some accidental leakage of the phrase “password hashes”. This post is about what they are, and how password cracking works with password hashes. What Is A … Continue reading


Password Audit Procedure

This blog entry is intended to document a technical procedure used to perform a password audit. This is mostly intended for future use by security analysts who may be called on to perform a password audit, but is published here for … Continue reading

Posted in Passwords, Technical

Creating “Long and Strong” Passwords

This blog entry is one of a number of blog entries on the IS Security Blog on password security. The entire category can be visited at the URL: http://securityblog.port.ac.uk/?cat=9. If you are just looking for advice on choosing an appropriate … Continue reading


Email Encryption with PGP

This post will not tell you how to do email encryption and digital signing with PGP (or GNU PGP), but why and to introduce some of the concepts of PGP. Hopefully without making the mistake that most documents talking about encryption make which … Continue reading


Distributed Password Guessing

It is often the case that whenever weak passwords are discussed, it is assumed that these are always attacked by “obtaining” password hashes and using a tool such as John the Ripper (there are plenty of others) to ‘crack’ weak passwords. … Continue reading

Posted in Passwords

The Only People Who Ask For Your Password …

… are people who wish to abuse your account(s). We are constantly bombarded with spam, and whilst the existing defences protect us against most of it some still gets through. And quite a bit of that spam is intended to … Continue reading


Full-Disk Encryption On Non-Standard Builds

Everyone should be aware that laptops (at the very least) should be set up for full-disk encryption. This is to ensure that any laptops that go missing – stolen or lost – are not causes for potential leakage of restricted data. … Continue reading
