Cracking Mac OS X passwords 4,096 times harder than cracking Windows passwords

Yesterday we featured an article about a way to speed the cracking of alphanumeric Windows passwords, reducing the time to break such codes to an average of 13.6 seconds. Now more information about Windows vs. other operating systems, especially Mac OS X, has come to light.

“The same password encoded on two Windows machines will always be the same. That means that a password cracker can create a large lookup table and break passwords on any Windows computer. Unix, Linux and the Mac OS X, however, add a 12-bit salt to the calculation, making any brute force attempt to break the encryption take 4,096 times longer or require 4,096 times more memory,” reports Robert Lemos for CNET News.com.

Full article here.
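The quoted passage explains why a salt matters: an unsalted password hash is identical on every machine, so one precomputed lookup table works everywhere, while a 12-bit salt forces the table to hold 4,096 variants of every candidate. The following script is an added illustration, not code from the article or from CNET; it uses SHA-256 as a stand-in for the real LM/NT and DES-crypt functions (an assumption), a constructed five-word list in place of a real dictionary, and the two-character, 64-symbol salt alphabet of traditional Unix crypt(3), which is where the 64 x 64 = 4,096 figure comes from.

```python
import hashlib
import itertools
import string

# Constructed toy wordlist standing in for the dictionary a lookup table is
# built from; a real table would cover billions of candidates.
WORDLIST = ["password", "letmein", "Password1", "qwerty", "hunter2"]

# Traditional Unix crypt(3) encodes its 12-bit salt as two characters drawn
# from this 64-symbol alphabet, giving 64 * 64 = 4096 possible salts.
SALT_ALPHABET = "./" + string.ascii_uppercase + string.ascii_lowercase + string.digits
ALL_SALTS = ["".join(pair) for pair in itertools.product(SALT_ALPHABET, repeat=2)]


def unsalted_hash(password: str) -> str:
    """Windows-style: the same password yields the same hash on every machine.
    SHA-256 is an assumed stand-in for the LM/NT hash functions."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_hash(password: str, salt: str) -> str:
    """Unix-style: a per-account salt is mixed into the hash and stored with it,
    so the stored value differs from machine to machine for the same password."""
    digest = hashlib.sha256((salt + password).encode()).hexdigest()
    return f"{salt}${digest}"


def build_unsalted_table(words):
    """One entry per candidate: a single table matches every Windows system."""
    return {unsalted_hash(w): w for w in words}


def build_salted_table(words):
    """To keep the same coverage against salted hashes, every candidate must be
    hashed under every possible salt: 4096 entries per word instead of one."""
    table = {}
    for salt in ALL_SALTS:
        for w in words:
            table[salted_hash(w, salt)] = w
    return table


def lookup(table, stored_hash):
    """Return the recovered password for a stored hash, or None if absent."""
    return table.get(stored_hash)


def table_growth_factor(words) -> int:
    """How many times larger the salted table is than the unsalted one."""
    return len(build_salted_table(words)) // len(build_unsalted_table(words))


if __name__ == "__main__":
    # Same password on two Windows boxes: identical stored hashes.
    print("unsalted equal:", unsalted_hash("hunter2") == unsalted_hash("hunter2"))
    # Same password on two Unix boxes with different salts: different stored hashes.
    print("salted differ:", salted_hash("hunter2", "ab") != salted_hash("hunter2", "cd"))
    unsalted = build_unsalted_table(WORDLIST)
    print("unsalted table entries:", len(unsalted))
    print("salted table entries:", len(build_salted_table(WORDLIST)))
    print("growth factor:", table_growth_factor(WORDLIST))
    # The unsalted table is useless against a salted hash.
    print("unsalted table vs salted hash:", lookup(unsalted, salted_hash("hunter2", "ab")))
```

The growth factor printed is exactly 4,096, matching the article's figure: the salt does not make any single guess slower, it multiplies the precomputation (or memory) an attacker needs to reuse one table across machines. Modern schemes add a much longer random salt and a deliberately slow hash on top of this, but the table-multiplication effect shown here is the same idea.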

7 Comments

  1. ..and our beloved Department of Homeland Security still wants to use Microsoft?

    Throughout Microsoft’s entire history, they claim that the latest major security leak/breach is the last one… but it never is. How long will we tolerate Microsoft holding up their Swiss cheese of an OS and announcing
    “What holes?”

    Apple has had 5 security updates in the past year. Microsoft has had more than that in the past week!!

    Do you need an extremely secure system? Just use a Mac and then use your favorite password but hold down “Alt” and/or “Alt with Shift”.

    For example “Password” becomes “?��?ѯ�?” if you alternate “Alt” and “Alt with Shift” on every other character. Even if someone quickly saw it, they’d have a difficult time replicating it!

    Now use this technique with a mixed sentence like “100MainSt61006” (street address and zip) becomes “��?������?��??”.

    It is very easy to remember and with Apple’s 128-bit encryption, would take years to decrypt, assuming you don’t change it. If you do, it becomes impossible to decode.

  2. Security updates are good.

    An update can be a means of transmitting a unique key that provides the means for encryption.

    I don’t know if that’s what Apple is doing but if not, it’s a good idea.

  3. Aryugaetu… is correct.

    On the Mac to type in special characters we simply hold a single key, but with Windows you cannot input special characters in a password field as it reads every key typed. So if you are worried about security, use special characters in the password, change at least one character in the password often, use an eraser program that meets US DoD standards (7 passes, with zeros and ones), turn on your firewall, do not allow others to see you on the network, LOCK the hardware (desktop) so no one can get inside the computer, activate two opposite corner screen-saver corners with password to reenter, on login only allow three attempts, do not show user name on login screen, make sure and have only one drive set-up as a boot-up drive, do not allow anyone to install anything unless they are a trusted source even stand there when they do install something (just in case), etc. etc.

    Who me work in the IT world…


    Charles

    Leave message for even more information…

  4. If my math is right, that means that a password that takes 13.6 seconds to break under windows would take about 15.5 hours on a Mac. If that’s right, that is HUGE!

  5. Well, being a new convert to MacOS, even if security patches are issued, at least they don’t bring the whole system to its knees or worse, close the respective security hole then open an entirely NEW hole. Within the space of one week, Microsoft released THREE patches to fix one security hole. Each release either missing it, or completely screwing the system.

    This security record has nothing to do with market share but everything to do with good old fashioned UNIX and programmers at Apple following the rules which ensure secure code is produced.

  6. I’m not sure of the exact type of encryption Windows has dreamed up, but Macs use AES (http://csrc.nist.gov/CryptoToolkit/aes/). It is based on Rijndael Code (pronounced “Rhine-Dahl”), http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ .

    Bill Gates claims that open source security codes are more vulnerable to being cracked. He couldn’t possibly be more wrong. From http://csrc.nist.gov/CryptoToolkit/aes/round2/aesfact.html , this is what AES offers…

    [begin quote]
    Approximately how big are the AES key sizes? The AES will specify three key sizes: 128, 192 and 256 bits. In decimal terms, this means that there are approximately:
    3.4 x 10^38 possible 128-bit keys;
    6.2 x 10^57 possible 192-bit keys; and
    1.1 x 10^77 possible 256-bit keys.

    In comparison, DES keys are 56 bits long, which means there are approximately 7.2 x 10^16 possible DES keys. Thus, there are on the order of 10^21 times more AES 128-bit keys than DES 56-bit keys.

    What is the chance that someone could use the “DES Cracker”-like hardware to crack an AES key? In the late 1990s, specialized “DES Cracker” machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message.

    Assuming that one could build a machine that could recover a DES key in a second (i.e., try 2^55 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
    [end quote]

    Rijndael Code (AES) also supports cypher keys of 256 bits if you feel that 149 trillion years is too vulnerable.

    With Panther, your whole Home folder can be encrypted/decrypted with this level of security on the fly (http://www.apple.com/macosx/panther/file_vault.html).

    But, if you can’t wait, just make your own Disk Image (File/New/Blank Image) using your current Disk Copy program (Applications/Utilities folder) and turn on 128-bit AES Encryption. It, too, encrypts on the fly so once the folder is created, there is nothing else to do. The decryption is so fast that you can view full-screen QuickTime movies directly from the encrypted file without any delays or a single hiccup in quality. It is the easiest, fastest, most secure way to send very sensitive data over the internet.

  7. Note that you need Windows XP PRO to get anything similar to Mac OS X security. Apparently Microsoft doesn’t think that home users have any sensitive data like medical records, financial records, pending patents, personal correspondence, images, copyrighted work, customized applications, small business data, silly little stuff that is no one else’s business, etc.

    From Microsoft… http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/evaluate/xpsec.asp?frame=true

    [start quote]
    – Windows XP Home Edition –

    Personalized Login
    Fast User Switching
    Personal Privacy
    Internet Connection Firewall
    Shared Documents Folder

    – Windows XP Professional –

    [in addition to the above]
    Corporate Security
    Controlled Network Access
    Simple Sharing
    Blank Password Restrictions
    Encrypting File System
    Certificate Services
    Credential Management
    Fast User Switching
    Personal Privacy
    Internet Connection Sharing
    Internet Connection Firewall
    Software Restriction Policies
    Internet Protocol Security
    Smart Card Support
    Kerberos
    [end quote]

    From reading this webpage, Microsoft has their security extraordinarily complex and difficult. Perhaps too complex for anyone to be sure what is or is not secured.

    For example, quoting from the same webpage…
    [start quote]
    When encryption is set for a folder, EFS automatically encrypts the following:
    • All new files created in the folder.
    • All plaintext files copied or moved into the folder.
    • Optionally, all existing files and subfolders.
    [end quote]

    So, if I move my artwork file (patent blue prints, music projects, corporate projection/strategy PDF, etc.) into the secure folder, it is NOT encrypted?!!

    Apple offers a much higher level of security that ANYONE can easily implement.
