Looks like we need to make “cracking the code” that much harder. This is going to amount to little more than posturing because they aren’t going to be in a position to enforce this for long—if indeed they still are. The powers-that-were know without a doubt they are about to be rendered obsolete.
I change my passwords frequently. They’re long and the characters and symbols include anything on the keyboard in mixed upper and lower case. Brackets are my favourites—but only one at a time; never a pair. ;0)
The Obama administration’s security services want your Internet service to hand over your password to them. Are you comfortable with this?
The website that broke this news, CNET, called this an “escalation in Internet surveillance” by the federal government. Yeah, I’d say so!
“The U.S. government has demanded that major Internet companies divulge users’ stored passwords, according to two industry sources familiar with these orders, which represent an escalation in surveillance techniques that has not previously been disclosed,” the tech website reported on July 25.
That isn’t all the government is demanding from our Internet providers. They also want our security questions and the company’s algorithms.
Some of the government orders demand not only a user’s password but also the encryption algorithm and the so-called salt, according to a person familiar with the requests. A salt is a random string of letters or numbers used to make it more difficult to reverse the encryption process and determine the original password. Other orders demand the secret question codes often associated with user accounts.
Naturally most of the Internet companies that CNET tried to interview about this refused to talk about the whole thing. Who can blame them with the iron boot heel of Obama’s administration on their necks, eh?
Even as far back as 2011, Congress and the President were debating whether they should get some sort of Internet kill switch installed into our system of online communications:
CNET does have some savvy advice, though slyly unstated advice, on how to do your part to make cracking your password with decryption software a bit harder.
One popular algorithm, used by Twitter and LinkedIn, is called bcrypt. A 2009 paper (PDF) by computer scientist Colin Percival estimated that it would cost a mere $4 to crack, in an average of one year, an 8-character bcrypt password composed only of letters. To do it in an average of one day, the hardware cost would jump to approximately $1,500.
But if a password of the same length included numbers, asterisks, punctuation marks, and other special characters, the cost-per-year leaps to $130,000. Increasing the length to any 10 characters, Percival estimated in 2009, brings the estimated cracking cost to a staggering $1.2 billion.
Interesting advice. Maybe we should all revisit our passwords, make them longer, and add some special characters?
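The quoted cost figures track the size of the search space, as this added example shows (it is not code from CNET, Percival, or this post). It assumes "letters" means the 26 lowercase letters and "special characters" means the 95 printable ASCII characters, and it scales the quoted $4 baseline linearly; all function names are illustrative.

```python
import math
import string

# Character classes that together make up the 95 printable ASCII characters.
CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation, " ")

# Baseline quoted on this page: 8 letters, cracked in an average of one year.
BASELINE_COST_USD = 4.0
BASELINE_SPACE = 26 ** 8  # assumption: "letters" = lowercase only


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from.

    Characters outside printable ASCII are ignored by this estimate.
    """
    return sum(len(cls) for cls in CHAR_CLASSES
               if any(ch in cls for ch in password))


def search_space(length, alphabet):
    """Number of candidate passwords of this length over this alphabet."""
    return alphabet ** length


def entropy_bits(length, alphabet):
    """Upper bound on entropy; holds only for uniformly random characters."""
    return length * math.log2(alphabet)


def scaled_cost(length, alphabet):
    """Scale the quoted baseline cost linearly with search-space size."""
    return BASELINE_COST_USD * search_space(length, alphabet) / BASELINE_SPACE


if __name__ == "__main__":
    cases = (("8 lowercase letters", 8, 26),
             ("8 printable ASCII", 8, 95),
             ("10 printable ASCII", 10, 95))
    for label, length, alphabet in cases:
        print(f"{label:20s} {entropy_bits(length, alphabet):5.1f} bits  "
              f"${scaled_cost(length, alphabet):,.0f} per year-long crack")
```

These numbers are a ceiling: a human-chosen password that merely contains a symbol is far more predictable than a uniformly random string over the same alphabet.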
