The article “Two-Factor Authentication” by Corey Steele [LJ, November 2005] raised a few questions in my mind about using passwords alone.
Without using two-factor authentication, and with the better and quicker password-breaking tools, how long does it take to break a password?
And, how much more time does it take for every character added to a password?
Is my 15-character password much stronger than an 8-character password (assuming they both have been chosen with the same level of inherent “strength”)?
How long of a password is needed to make the new better and quicker breaking tools impractical?
Please run some tests. I want to know.
PS: Is it really true that 90% of the passwords in use are
on a short list of 100 passwords? I can't believe it.
I found the article “Radio's Next Generation: Radii” by Dan Rasmussen, Paul Norton and Jon Morgan, about the Internet Radio [LJ, November 2005] quite interesting.
It reminds me of a time quite a few years ago when I interfaced a Commodore VIC-20 with a set of Moog Taurus II pedals and turned it into a MIDI controller. We actually used it to perform live at the Festival of Arts in Grand Rapids, Michigan. That was back in the 1980s! My brother played guitar and used the pedals for playing whatever (bass, strings and so on) on his Roland D10. I play drums. Boy, those were the days! I programmed the whole thing in 6502 assembly.
I would like to suggest, if you hadn't thought of it already, that you could get one of those Linux-based SBCs, similar to those advertised in Linux Journal, which cost not much more than an old laptop, and interface it with an old SoundBlaster 16 board and make the whole thing self-contained. Then you wouldn't have to play “Hide the Laptop” and you wouldn't have to wait for it to boot before listening to your favorite tunes.
Love that Linux Journal magazine. It's not all corporate fluff, but
hacking and even some electronics now and then! I'm so glad someone
publishes this stuff!
As a new amateur astronomer and an avid Linux user, I was eager to somehow use both hobbies together. I had recently bought a rather nice Discovery 15-inch Dobsonian telescope. I also bought an Argo Navis Digital Telescope computer (DTC) to guide me to all the cool astronomical objects in the night sky, from Wildcard Innovations, and was anxious to use KStars, a KDE project, on my Linux laptop. To my dismay, the DTC wasn't compatible with KStars. The two systems would not allow me to see what my telescope was pointing at in the night sky. I had put both the DTC and KStars in the “Meade” emulation mode, but still no joy.
Linux, OSS and the GPL to the rescue! I had never gotten involved in an open-source project before but did have many great support experiences via OSS project listservers. So I thought I would give a shot to soliciting a modification to KStars. The KStars developers were fantastic, as I hear most OSS project maintainers are. I contacted the driver maintainer for KStars, Jasem Mutlaq, and he was very friendly and helpful. First I described my situation, and he gave me several ideas to try. They failed, so Jasem got the technical specs for the Argo Navis DTC from their Web site and almost immediately set about modifying an existing driver, the driver for Meade telescope. In a couple of days Jasem had something for me to try. I had never used Subversion before, so Jasem patiently talked me through using it to download and compile the latest KStars source code. We got close on the first try, me doing the testing and Jasem making source mods. The second try was much more successful—the pointer on KStars was moving as I moved the telescope, but when it went off the screen, KStars didn't update the skymap properly. So after one more modification, Jasem had done it. I was in Linux, KStars and Astronomy heaven. I could move the telescope, and KStars, through coordinates passed to it via the DTC, was updating the skymap and very accurately showing me exactly what my telescope was pointing at in the night sky! I could actually look at the KStars screen to find objects to view. Jasem also informed me that the next release of KStars would include the modified Meade telescope driver renamed as “Argo Navis” for all to use and enjoy. Wow that was cool!
After everything was working, Jasem asked me for a little favor. He needed to debug his Sky Commander driver so I put my Argo Navis DTC in the Skycomm mode and operated it with KStars to help him with debugging the Sky Commander Digital Setting Circle unit. He didn't have one, and since my Argo Navis had a mode for it, I was more than happy to help. I gave him the requested debugging output from KStars and he was able to fix his driver.
This development experience was fun, pleasant, fast and most of all free. I learned a lot too. Try doing that with a proprietary software package!
By the way, Jasem lives in Kuwait. Talk about a distributed development
environment! But the whole process worked very well.
Greetings. I'm a new subscriber to your fine magazine, with my first
issue being your November 2005 issue.
I see that in that issue you have a letter from a reader promoting
JBuilder. I have used JBuilder before, and I can agree that it's a fine
IDE, but I wanted to point out that Netbeans is also free and just as
good, if not better. Personally, having used both, I prefer Netbeans.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Server Hardening
- BitTorrent Inc.'s Sync
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- The Humble Hacker?
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- The US Government and Open-Source Software
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- ACI Worldwide's UP Retail Payments
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide