Skip to content

Posts tagged ‘XKCD’

24
Aug

Simpler Stronger Passwords

The complexity of passwords is indeed something that has recently flipped into the realm of impossibility for us humans. In order to get any kind of decent cracking-resistant password these days you’re probably looking at having a password of at least 15 characters, making heavy use of uppercase, lowercase, symbols, etc. Very few people will be willing to commit that to memory, and if they do, they’ll be even less likely to change it on a regular basis.

The XKCD comic below shows that point pretty simply. It’s not actually that bad to use dictionary words, as long as they’re unrelated and you chain many of them together. The reason this works is because instead of picking from a character set of 26 letters, 10 digits and 20 symbols (total=56), you’re now selecting from a character set that is as large as the dictionary (~150,000 words).  If you select four words of about 5 characters or more, the potential keyspace an attacker has to guess will be enormous – especially if you throw in a few symbols for good measure ;)

13
Sep

XKCD: Password Reuse

Today’s XKCD is amusing, but still makes a very valid point. After using ultra-stupid passwords such as “password”, “123456” and “abc123”, password-reuse is the second biggest threat to the security of your accounts.

XKCD: Password ReuseGoogle and Mr. Black Hat think alike!

22
Aug

Bobby Tables: A Guide to Preventing SQL Injection

Just came across Bobby-tables.com whilst Stumbling through the ether that is the interwebs.

XKCD strip: bobby-tables

Source: XKCD

The aim of the site is to educate software developers (or anyone else interested in development) in the proper manner in which input should be validated prior to being passed into database queries. There are examples for ASP, ColdFusion, C#, Delphi, .NET, Java, Perl, PHP, PostgreSQL, Python, Ruby, and Schema… what, no COBOL?!

Their core recommendations are sound:

  • Do not create SQL statements that include outside data.
  • Use parameterized SQL calls.

Useful resource. Just thought I’d share.

css.php