Ace on Tech

To crack 17-character AES password: 100 years and 1 billion dollars

In my previous ‘Free File’ article, I briefly reviewed the open-source compression utility 7-Zip. Like most other archiving tools, 7-Zip is also capable of encrypting your files. To do this, it utilizes industry-standard AES-256 encryption (a.k.a. Rijndael) and recommends a password strength of 10 characters or more. The Help function in 7-Zip has a nice illustration of what it would take to crack a secure AES password.

To accomplish this, one would need:

  • cesspools of time
  • a processor that can check 10 passwords per second 
  • to check 10 billion passwords per second, a budget of at least 1 billion dollars

To illustrate the importance of adequate password length, here’s a comparative table:

| Password Length | Single User Attack | Organization Attack |
|---|---|---|
| 1 | 2 s | 1 s |
| 2 | 1 min | 1 s |
| 3 | 30 min | 1 s |
| 4 | 12 hours | 1 s |
| 5 | 14 days | 1 s |
| 6 | 1 year | 1 s |
| 7 | 10 years | 1 s |
| 8 | 19 years | 20 s |
| 9 | 26 years | 9 min |
| 10 | 37 years | 4 hours |
| 11 | 46 years | 4 days |
| 12 | 55 years | 4 months |
| 14 | 64 years | 4 years |
| 15 | 82 years | 22 years |
| 16 | 91 years | 31 years |
| 17 | 100 years | 40 years |
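
The arithmetic behind a table like this, as an added example (not from 7-Zip or the original post): worst-case exhaustive-search time at the two guess rates quoted above, and the shortest password length that holds out for a target duration. The 26-letter lowercase alphabet, the constant guess rate and all function names are assumptions made here; the page states neither the alphabet nor how the rate changes over time.

```python
# Added example: exhaustive-search time for a random password.
# Assumptions (not stated on the page): 26-letter lowercase alphabet,
# constant guess rate, attacker has to try the whole keyspace (worst case).

SINGLE_USER_RATE = 10               # guesses per second, figure from the page
ORGANIZATION_RATE = 10_000_000_000  # guesses per second, figure from the page

UNITS = [("years", 365 * 86400), ("days", 86400), ("hours", 3600),
         ("min", 60), ("s", 1)]


def keyspace(length, alphabet_size=26):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def worst_case_seconds(length, rate, alphabet_size=26):
    """Seconds needed to try every password of this length at `rate`."""
    return keyspace(length, alphabet_size) / rate


def humanize(seconds):
    """Render a duration in the largest unit that is at least 1."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return "<1 s"


def min_length(target_seconds, rate, alphabet_size=26):
    """Shortest length whose worst-case search time reaches the target."""
    length = 1
    while worst_case_seconds(length, rate, alphabet_size) < target_seconds:
        length += 1
    return length


if __name__ == "__main__":
    print(f"{'len':>3}  {'single user':>16}  {'organization':>16}")
    for n in range(1, 13):
        single = humanize(worst_case_seconds(n, SINGLE_USER_RATE))
        org = humanize(worst_case_seconds(n, ORGANIZATION_RATE))
        print(f"{n:>3}  {single:>16}  {org:>16}")
    century = 100 * 365 * 86400
    for size, label in [(26, "lowercase"), (62, "letters+digits"),
                        (95, "printable ASCII")]:
        print(f"{label}: length {min_length(century, ORGANIZATION_RATE, size)}"
              " outlasts the organization rate for 100 years")
```

Under these assumptions the short rows come out close to the table (12.7 hours for four characters at the single-user rate, 20.9 s for eight at the organization rate), and widening the alphabet lowers the length needed for the same search time.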

‘Frightening’ XP hack

As I was listening to Dvorak’s 5-minute rant this morning (Tech5 at PodShow) he mentioned this article. He stabbed the life out of it and he was right too. It’s an amusing read, certainly if you keep one word in the back of your mind: FUD (Fear, Uncertainty, Doubt — as quoted by Michael Horowitz); utter gibberish spread to lure people away from XP in order to sell more Vista copies. I’m not saying moving to Vista isn’t a good thing (I, for one, haven’t seen too many bad things about it, not more than I’ve experienced with XP), but it’s obvious they’re pulling the whole thing out of context here, as an advertising stunt.

First of all, running an XP machine with SP1 deserves the death penalty. Second: who the heck doesn’t run any form of security app on this kind of machine?! This is beyond me, really. Nonetheless, it’s worth a read, even if it’s just for the sake of a good laugh.

From ZDNET.com:

… Connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software …

“You can download attack tools from the Internet, and even script kiddies can use this one,” said Mick.

And blah blah blah. Funny. Ignorant.

First Mac Virus

Computer analysts are going berserk over the arrival of the first virus capable of infecting the Macintosh Operating System. MacOS has always been seen as less susceptible to viruses, in contrast with Microsoft Windows. This illusion has now been dispelled, leaving the Mac community at least a bit shocked. The virus is called A-leap (or Oompa Loompa) and comes disguised as an image file.

Apple has not released any comment to date.

Security Issues in FF and IE

Mozilla seemingly ships security patches a lot faster than its competitor Microsoft. In 2005, it took Microsoft at least 38 days to address a publicly known and actively used exploit. Unused exploits took MS 256 days to patch. Firefox, on the other hand, only took 16 days to seal comparable vulnerabilities.
The difference lies in Firefox’s open nature. The public knows about the flaws and is allowed to look into the code, possibly even contributing to the patch. Aside from this, there’s also the market-share factor. Internet Explorer still owns 85% of the browser market, making it much more of a target for hackers; because of this, IE experiences substantially more security issues.

Whichever browser you choose, keeping your software up to date is a must.