[HLUG] Encrypting Optical Backup Discs - Linux Productivity Magazine

George DiceGeorge dicegeorge at hotmail.com
Tue Jul 15 22:52:09 UTC 2014

If you want almost-absolute protection from bicycle theft, you need a U lock 
with accompanying 1/2" case hardened chain. The weight of the big, heavy 
lock and chain slows acceleration annoyingly. Finding the right hitching 
pole makes parking annoying, and so does the balance dance you do trying to 
wrap the huge chain around both wheels and the frame. So many of us use a 
lock and cable: Easily defeated by a large bolt cutter or even a wire cutter 
for the guy who has 15 minutes to gnaw through the cable. But such a setup 
is remarkably safe, because the bicycle next to yours is locked with a chain 
that looks like a string, capable of being cut in one minute by a tool 
carried in a pocket.

It's called the weakest chain principle, and it has cheaply protected many a 
bicycle. It's a poorly kept secret that many of us felt that our online data 
was protected by the same principle. "Why should they risk prison nailing my 
tough password when they can own a tycoon using his wife's birthday as a 

During Heartbleed we found the answer to that question: There's not all that 
much risk. An accomplished badguy can grab 50% to 90% of passwords in a 
password list, in a few hours. Today's dictionary and brute force attacks 
are smart enough to understand how humans think, and act accordingly. If you 
think you're safe by 1ndigo instead of Indigo, fr0nt instead of frOnt, or 
any of the other things that are easy for humans and harder for computers, 
forget it: the badguys have programmed that into their attacks. Stringing 
together dictionary words and common names? They'll find that before the 
first truly brute force move. And speaking of brute force, in certain 
situations an 8 character password can be brute-forced in minutes. And if 
they crack your password in any venue, they'll follow your trail all over 
the Internet, using that same password, because they know that passwords are 
hard to remember, and people are likely to reuse them. And if you use the 
name of that one-night-stand girl from 1995, you'd better have kept your 
mouth shut about that, or somebody will pretext it out of you.

If you want your identity intact, you'd better use distinct passwords 
everywhere, making them long and seemingly random. Don't depend on everyone 
else making it easier: Go all the way.
Copyright (C) 2014 by Steve Litt. 
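As an added example that is not part of the post or of Linux Productivity Magazine, a small Python checker that turns the paragraph's point into a defensive test: it undoes the digit-for-letter substitutions the text mentions and then asks whether what remains is a dictionary word or a run of dictionary words. The wordlist, the substitution table and the 12-character minimum are constructed assumptions, not values from the original.

```python
import re

# Constructed sample wordlist; a real check would load a full cracking
# dictionary (names, places, common passwords) instead of this handful.
WORDLIST = frozenset({"indigo", "front", "password", "summer", "london",
                      "mary", "james", "dragon", "welcome"})

# Digit/symbol substitutions that cracking rulesets undo automatically
# (assumed table, not taken from the post).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12  # assumed policy value


def canonicalize(pw):
    """Reduce a password to the word an attacker's ruleset would reach:
    lower-case it, drop the trailing digits/punctuation people append,
    then map 1ndigo -> indigo, p@ssw0rd -> password, and so on."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


def split_words(s, words=WORDLIST):
    """Return the dictionary words that concatenate to s, or None.
    Longest-prefix-first recursion; passwords are short so this is cheap."""
    if s == "":
        return []
    for i in range(len(s), 0, -1):
        if s[:i] in words:
            rest = split_words(s[i:], words)
            if rest is not None:
                return [s[:i]] + rest
    return None


def assess(pw):
    """Return a list of reasons the password is weak ([] if none found)."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("shorter than %d characters" % MIN_LENGTH)
    canon = canonicalize(pw)
    if canon in WORDLIST:
        reasons.append("dictionary word '%s' with substitutions" % canon)
    else:
        parts = split_words(canon) if len(canon) <= 64 else None
        if parts and len(parts) >= 2:
            reasons.append("concatenated dictionary words: " + "+".join(parts))
    return reasons


if __name__ == "__main__":
    for candidate in ["1ndigo", "fr0nt", "Summer2014!", "MaryJames1995",
                      "xk7#Qm!pL2vR9zT"]:
        print(candidate, "->", assess(candidate) or ["no weakness found"])
```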