Wikipedia:Reference desk/Archives/Computing/2009 March 17

Computing desk
< March 16	<< Feb | March | Apr >>	March 18 >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

March 17

Creating a strong password, valid characters?

I want to create a password that will be difficult to guess or crack. I would also like to include non-standard characters that aren't alphanumeric, so those that include !,@,#,$,%,^,&,*, etc... However, sometimes I will encounter a website that does not allow the use some of those characters. Some may consider '#', '@', or '%' invalid, but allow '&' or '~' at other times. So my question is, what is the minimum set of characters (beyond alphanumeric) that most websites employ? Thanks. —Preceding unsigned comment added by 141.153.215.194 (talk) 04:19, 17 March 2009 (UTC)

That's tough to say when asking what "Most" sites employ, but in my years of experiences it seems that "8" is a common minimum for password strength. (goes back to the bit/byte thing = 64). — Ched ~ ^(yes?)/_© 06:53, 17 March 2009 (UTC)

Number of characters isn't the question. My guess about character set is that the simple ASCII will always be game. You use the typical 26 characters x 2 for case sensitive, plus 10 for numerals, and you're pretty good. With 8 characters you're doing alright with 218,340,105,584,896 combinations. You'll realize that upping the char-set is often more useful than upping the characters. Just make sure you have a random generator that will permit those characters. If you can't do that, then use something that gives you the full character set, then just remove the ones it won't take by yourself. Try a command like openssl rand -base64 128 or dd if=/dev/urandom bs=16 count=1|xxd. Shadowjams (talk) 07:03, 17 March 2009 (UTC)

Instead of a password you could also create a pass-sentence. It can have 40-50 characters, be easily memorized and extreme secure.--Mr.K. (talk) 12:01, 17 March 2009 (UTC)

What special characters are allowed depends on the programmer and system. For example, I work in two universities and I move a lot of files back and forth between the two. So, I wanted to use the same passwords on each. One requires 8 characters with at least one number, one letter, and one "special character" limited to something in the set "._+-!$%&" (a very small subset of ASCII). The other required nine characters, at least one capital letter, one lower case letter, and two characters in the set "!@#$%^&*()_+-=,." (still a subset of ASCII). Knowing the programmers on both sides, I asked about the weird restrictions on the special characters. They said it had to do with limitations on internal programs such as Oracle pitching a fit if you used a @ in your password or some Windows file share crapping out if you used a \. Therefore, it is not possible to have a single set of password restrictions that EVERYONE will use - and you don't want it anyway...

Assume you come up with the biggest badass uncrackable password ever. You use it on EVERY site you access. Well, the admins at those sites will know your password. They don't need to crack it. You've just trashed your security. What you need is a unique password for each site - something that a keyring makes easy to do. There are even keyrings that have password makers so you can have high-security and unique passwords for each site. -- kainaw™ 13:25, 17 March 2009 (UTC)

As another example, Wikipedia is extremely lax when it comes to passwords. They can be thousands of characters long (I forget the limit, but it's something ridiculous) and contain all kinds of crazy characters (I just changed my alternate account's password to 'ῸὸὈὀὉὁὌὄὊ', for example). However, this doesn't add any extra security, since the password is stored as a 128-bit MD5 hash anyway. Algebraist 14:13, 17 March 2009 (UTC)

When exactly is 128-bit MD5 storage (for typically plaintext transmission!) "extremely lax" security? -- Fullstop (talk) 15:32, 17 March 2009 (UTC)

Sorry, I was unclear. I meant Wikipedia is not at all strict when it comes to what characters you're allowed. None of the restrictions mentioned above apply here. Algebraist 15:34, 17 March 2009 (UTC)

The rules of thumb for "a password that will be difficult to guess or crack" are: a) not a dictionary word; b) not easily guessable (not the name of a relative, pet, phone number, SSN, name of your personal obsession or other personal numbers/names); c) has characters that come from all sections of the character set (numerals, upper case letters, lower case letters, punctuation, etc); d) The adage "longer is better" is often still true.

The crux is always the ability to remember the phrase you used, but you can usually fulfill all the "hard to guess" requirements by interpolating substitution values into an easily-remembered passphrase. E.g. use a couple of l337-speak vowels, or IPA symbols, or even just (from using adjacent keys on your keyboard) replace "q" etc with "12" or "!@" etc. You get the idea. -- Fullstop (talk) 15:32, 17 March 2009 (UTC)

Best approach is to pick two or three words from a dictionary completely at random (i.e. by rolling dice, flipping coins, etc) rather than trying to think up a password, rely on weird characters, etc. You can separate them with hyphens, like "widget-giraffe" or whatever. See www.diceware.com or diceware for an approach to this. It explains how to quantify how random a password is, using the Shannon entropy. The entropy measure you actually want is the min-entropy, but in this specific situation it will be very close to the Shannon entropy, so the Shannon entropy approach will be plenty good enough. —Preceding unsigned comment added by 75.62.6.87 (talk) 22:08, 17 March 2009 (UTC)

Wouldn't that be susceptible to an advanced dictionary based attack? - Jarry1250 ^{(t, c)} 22:12, 17 March 2009 (UTC)

It could be vulnerable to an offline dictionary attack, if the attacker had (say) a hash of the passphrase. The same would be true of a single word with non-alphabetic symbols. Two or three words should be enough to stop an online attack (one where the attacker has to submit one guess after another to the server) since it would take millions of tries and the server should lock the attacker out long before that. With five or six words, there should be enough entropy to stop all but very large scale offline attacks. This is all explained (including the math) at the diceware site. 75.62.6.87 (talk) 22:20, 17 March 2009 (UTC)

Even "very large" offline attacks would be pretty computationally difficult. I don't remember the limit but at some point you get beyond the ability to computer it in a reasonable (e.g. your lifetime) amount of time—each word you add exponentially increases the number of possibilities. You can think of the random dictionary words bit as using a four letter word, but with an alphabet that contains around 500,000 letters. I would expect that is a lot better than the sorts of "add an extra, non-alphanumeric" character sort of thing where you're just increasing the letters by one each time. --98.217.14.211 (talk) 23:43, 17 March 2009 (UTC)

Google print size

I must have hit some combination of keys because when I search from the toolbar, I get bigger letters than normal. How do I reset it? I'm using Firefox 3.0.7. Clarityfiend (talk) 06:55, 17 March 2009 (UTC)

Try Cntrl+-

Ctrl+0 (that's a zero). --wj32 ^t/c 07:34, 17 March 2009 (UTC)

Or View + Text Size + Normal. StuRat (talk) 14:44, 17 March 2009 (UTC)

Or use your mouse's scroll wheel while holding down the Ctrl key. --Andreas Rejbrand (talk) 15:17, 17 March 2009 (UTC)

Thanks. Clarityfiend (talk) 19:39, 17 March 2009 (UTC)

Getting the commit charge limit

Resolved

I'm trying to get the Commit Charge Limit as displayed by Process Explorer. Both GetProcessMemoryInfo (from psapi.dll) and NtQuerySystemInformation (with SystemPerformanceInformation) work fine on XP. But on Vista, both report the peak and limit to be 16EB! Process Explorer still reports the correct value. Any ideas? Thanks in advance. --wj32 ^t/c 08:51, 17 March 2009 (UTC)

I'm such an idiot. The old integer overflow problem. --wj32 ^t/c 09:06, 17 March 2009 (UTC)

Adding five more users to an existing 25 user Novell netware 4.2 version

Novell netware is now not available. I have a 25 user Novell netware 4.2 version running successfully for the last 25 years. Now I am in need of adding five more users to that. But the software for adding additional five users is not available from Novell. Is there any other method or shortcut to add five more users without disturbing the existing network. or If a 5 user adding software available with anyone please help me. —Preceding unsigned comment added by 61.17.229.4 (talk) 09:15, 17 March 2009 (UTC)

Screen quality

Which mobile phone has the best screen in terms of quality? Is it the iPhone? —Preceding unsigned comment added by 116.71.46.119 (talk) 17:24, 17 March 2009 (UTC)

I think you'll have to clarify what you mean by "quality" as that'll change from person to person. Personally I find the higher the resolution of the screen then the better the "quality" because it's sharper and easier to read. The iPhones resolution is 480x320 and there are phones with much higher resolutions that that (for example the very old HTC Universal or the much newer HTC Touch Pro and there are many others). Sorry if that's not a lot of help. ZX81 ^talk 22:31, 17 March 2009 (UTC)

irc help

i made an irc channel on freenode or whatever how do i make mself and friends operators on it? cant figure out how--Raisens2 (talk) 20:40, 17 March 2009 (UTC)

Assuming the channel isn't already registered, the first person to create it should get operator status and from there you can then /msg chanserv help for more information about registering the channel (if you haven't already registered a nickname you'll need to do that with nickserv first). If it's already registered then there isn't really much you can do I'm afraid except pick a new name or ask the channel founder (if known). ZX81 ^talk 22:37, 17 March 2009 (UTC)

Windows Family Censorship - or whatever it's called

I made the mistake of downloading the MS Office add-on called 'Workspaces', only to find that not only did the 'button' in Office only remain for an hour or so, I had also had the misfortune to be stuck with a Family Control Filter which I didn't ask for nor want. Now the damn thing asks me to log-in and approve practically every website I visit, including Wikipedia and even the BBC News, saying that it's blocked. This is not a virus or anything I downloaded from the wrong site, as all my other PCs can use it. I am having this problem only on the one PC I use the most, and it is extremely annoying, true to Microsoft fashion. Can anyone give me any idea how to get rid of the thing? Plus, as an extra, why would a family control filter come with an office workspace? Why would I let kids play around with my office computer? No need to answer that. We all know MS's marketing 'skills'.--KageTora (talk) 23:01, 17 March 2009 (UTC)

OK, I did it. For information purposes, I will tell you that it appears as Microsoft Family Safety Filter as well as Windows Family Safety Filter, apparently to make it difficult to find (as well as the fact that it is in some folder that doesn't appear on the uninstall list). The way to get rid of this is to wait until a website is blocked and click on 'Go to Website', then you get yet another pop-up with a button asking if you want to turn it on or off. Turning it 'off' is the right option. Then go 'Start Up programs' and remove it from the list. You can disable it from their without going to the website, but I made the mistake of removing it first, which meant I had to search around for it again. Bloody labyrinth of crap, MS. Bring me back my Mac!--KageTora (talk) 23:28, 17 March 2009 (UTC)

Resolved

StuRat (talk) 15:17, 18 March 2009 (UTC)