Archive for December, 2008
Rap4TB 0.85 Released
by Daniel on Dec.13, 2008, under Rapleaf 4 Thunderbird
The latest version of my social networking plugin for Thuderbird has just been released.
Changes for this version:
Internationalization support has been added (translators wanted)
Default cache time increased to 30days
Cache clean up code added, rather than continuously building up, expired entries get cleaned up on launch
Only one feature is planned for the next release (at this stage), cache flushing for individual entries. If you have any suggestions please post in the forums or leave a comment.
In order for me to get this published as an ‘official’ Thunderbird plugin I still need more reviews, if you use the plugin and think it’s a good thing, please post to the forum with a short review saying how great you found it.
Update: I probably should upload the new version as well rap4tb-085
-Daniel
Relative Password Strength
by Daniel on Dec.01, 2008, under Security
e are always told to choose strong passwords, over eight characters, with lower & upper case letter, numbers and symbols, but really what difference does it make.
Lets have a look at 4 different classes of passwords each 8 characters:
A) Lower case letters only
B) Mixed case letters
C) Mixed case letters and digits
D) Mixed case letters, digits and 32 symbols
The table below shows the number of possible combinations and the time to crack based on Elcomsoft’s rates for md5 password recovery on a dual core processor (4.7 million passwords/second)
| Class | Combinations | Time to Crack |
| A | 208,827,064,576 | 44 seconds |
| B | 53,459,728,531,456 | 3 hours |
| C | 218,340,105,584,896 | 12 hours |
| D | 6,095,689,385,410,820 | 15 days |
So you can see a password that just has lower case letters can be cracked in less than a minute! While a password that covers the full spectrum of character types will take 15 days, that’s a lot of extra effort to get into your account.
So what if you want to have a strong password, but you don’t want to have to remember a string with upper case letters, numbers and symbols. Can you have a password, containing just lower case letters, that provides as much protection as a password that contains at least 1 character from each group? Absolutely, you just have to trade complexity for length. Have a look at this table to see how long passwords need to be to be at least as strong as a 8 character class D password.
| Class | Number of Characters |
| A | 12 |
| B | 10 |
| C | 9 |
| D | 8 |
So if you want a password of lowercase letters that provides the same level of protection as a more complicated password, you’ll need 12 characters.
Of course a password that is based on dictionary words is still not going to keep the bad guys at bay for long, it still needs to be a fairly random string of letters, there are plenty of ways to come up with good passwords, but thats another article.
-Daniel
