John Navas wrote:
> On 7 Aug 2006 06:33:05 -0700, "Amanda" <amanda772008@yahoo.com> wrote in
> <1154957585.144523.178440@h48g2000cwc.googlegroups .com>:
>
> >John Navas wrote:
>
> >> Right. And diceware words are a good way to do that.
> >> <http://world.std.com/~reinhold/diceware.html>
> >
> >
> >The site also has a link " If all you need right now is a login
> >password, click here".
> >It says, after the instruction,
> >
> >"Such passwords are suitable for systems that limit the number of bad
> >login attempts an attacker can make and protect the file containing the
> >encrypted passwords (this is called password shadowing on Unix-based
> >systems). Unless you are sure this is the case pick a stronger password
> >following the advice below"
>
> That refers to a password of only 8 characters.

Which refers to a password of only 8 characters? You means the
passwords for systems that limit the number of bad login attempts?


>
> >What it said "below" as referred to was
> >
> >" We are not experts on Windows, but at least one source we found says
> >password hashes are not fully protected in Windows systems. If an
> >attacker obtains the password hash, they can test millions of trial
> >passwords in a matter of minutes. As a result, you should use a strong
> >passphrase or string random characters."
>
> That refers to having Windows save entered passwords (e.g., for external
> websites). To avoid any problem, don't have Windows save passwords.
> I use and recommend Password Safe <http://passwordsafe.sourceforge.net/>
> instead, both for generating and for saving. Originally created by
> noted cryptographer Bruce Schneier of Counterpane Labs, Password Safe is
> open source and free, and has been subjected to extensive peer review.
> I use 14 random characters when I can, otherwise as many as possible,
> and a different password for each different purpose.
>
> >So, is a passphrase pr passphrase(s) the solution to every online log
> >in then?
>
> Strong passwords and passphrases are only as good as the rest of your
> security. Again, that's why I use and recommend Password Safe.

I never let wondows save my passwords.

>
> >If I have a strong passpharse for my wirelwess network, would it still
> >be necessary to create passphrase(s) for my online activities or are
> >the ones I created - different ones depending on the impoirtant of the
> >account which I didn't write down in English - enough?
>
> If you're like most people, your current passwords and passphrases
> aren't terribly good.

I am not like most people:)- But I'll improve mine.


>
> >Btw, if I want a guest to get onto my wireless network to use internet
> >via the guest's laptop, what is the procedure I need to do on that
> >laptop? Just enter "WPA Shared Key:" to give the guest access. I will
> >have to do it only once, right?
>
> Right. But that compromises your security. Ideally you want a
> hotspot-type router that can give them controlled access to the Internet
> without needing your wireless key and isolating them from your own
> wireless and wired clients.

What of the guest is using his laptop given by his employer "Intel"? Am
a I safer assuming that his laptop has high security? The guest is
staying at my place temporarily.

> The least expensive way to do that is with third-party firmware in supported
> hardware like the Linksys WRT-54GL.

That third-party firmware is not supported in WRT 54G, right? What "L"
stands for in WRT-54GL.

>
> --
> Best regards, FAQ for Wireless Internet: <http://Wireless.wikia.com>
> John Navas FAQ for Wi-Fi: <http://wireless.wikia.com/wiki/Wi-Fi>
> Wi-Fi How To: <http://wireless.wikia.com/wiki/Wi-Fi_HowTo>
> Fixes to Wi-Fi Problems: <http://wireless.wikia.com/wiki/Wi-Fi_Fixes>