On 7 Aug 2006 06:33:05 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
<1154957585.144523.178440@h48g2000cwc.googlegroups .com>:

>John Navas wrote:

>> Right. And diceware words are a good way to do that.
>> <http://world.std.com/~reinhold/diceware.html>
>
>
>The site also has a link " If all you need right now is a login
>password, click here".
>It says, after the instruction,
>
>"Such passwords are suitable for systems that limit the number of bad
>login attempts an attacker can make and protect the file containing the
>encrypted passwords (this is called password shadowing on Unix-based
>systems). Unless you are sure this is the case pick a stronger password
>following the advice below"

That refers to a password of only 8 characters.

>What it said "below" as referred to was
>
>" We are not experts on Windows, but at least one source we found says
>password hashes are not fully protected in Windows systems. If an
>attacker obtains the password hash, they can test millions of trial
>passwords in a matter of minutes. As a result, you should use a strong
>passphrase or string random characters."

That refers to having Windows save entered passwords (e.g., for external
websites). To avoid any problem, don't have Windows save passwords.
I use and recommend Password Safe <http://passwordsafe.sourceforge.net/>
instead, both for generating and for saving. Originally created by
noted cryptographer Bruce Schneier of Counterpane Labs, Password Safe is
open source and free, and has been subjected to extensive peer review.
I use 14 random characters when I can, otherwise as many as possible,
and a different password for each different purpose.

>So, is a passphrase pr passphrase(s) the solution to every online log
>in then?

Strong passwords and passphrases are only as good as the rest of your
security. Again, that's why I use and recommend Password Safe.

>If I have a strong passpharse for my wirelwess network, would it still
>be necessary to create passphrase(s) for my online activities or are
>the ones I created - different ones depending on the impoirtant of the
>account which I didn't write down in English - enough?

If you're like most people, your current passwords and passphrases
aren't terribly good.

>Btw, if I want a guest to get onto my wireless network to use internet
>via the guest's laptop, what is the procedure I need to do on that
>laptop? Just enter "WPA Shared Key:" to give the guest access. I will
>have to do it only once, right?

Right. But that compromises your security. Ideally you want a
hotspot-type router that can give them controlled access to the Internet
without needing your wireless key and isolating them from your own
wireless and wired clients. The least expensive way to do that is with
third-party firmware in supported hardware like the Linksys WRT-54GL.

--
Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>