Passage 3 How to Choose a Good Password?
	How to Choose a Good Password? (The Guardian)
	
	[00:00]The best way to explain how to choose a good password
	[00:04]is to describe how they're broken.
	[00:07]The most serious attack is called offline password guessing.
	[00:13]There are commercial programs that do this,
	[00:16]sold primarily to police departments.
	[00:20]There are also hacker tools that do the same thing.
	[00:24]As computers have become faster, the guessers have got better,
	[00:29]sometimes being able to test hundreds of thousands of passwords per second.
	[00:35]They guess intelligently.
	[00:37]They don't run through every eight-letter combination
	[00:41]from "aaaaaaaa" to "zzzzzzzz" in order. That's 200bn possible passwords,
	[00:50]most of them very unlikely. They try the most common password first:
	[00:57]"password1". Actually, the most common password used to be "password".
	[01:05]A typical password consists of a root plus an appendage.
	[01:10]The root isn't necessarily a dictionary word, but it's something pronounceable.
	[01:16]An appendage is either a suffix (90% of the time) or a prefix (10% of the time).
	[01:25]One guesser I studied starts with a dictionary of about 1,000 common passwords,
	[01:31]things like "letmein," "temp," "123456," and so on.
	[01:39]Then it tests them each with about 100 common suffix appendages:
	[01:46]"1", "4u", "69", "abc", "!" and so on.
	[01:55]It recovers about 24% of all passwords with just these 100,000 combinations.
	[02:03]Then the guesser tries different dictionaries: English words, names,
	[02:10]foreign words, phonetic patterns and so on for roots; two digits, dates,
	[02:19]single symbols and so on for appendages.
	[02:22]It runs the dictionaries with various capitalizations
	[02:26]and common substitutions: "$" for "s", "@" for "a", "1" for "l" and so on.
	[02:37]With a couple of weeks to a month's worth of time,
	[02:41]this guessing strategy breaks about two-thirds of all passwords.
	[02:46]But that assumes no biographical data.
	[02:49]Any smart guesser collects whatever personal information
	[02:53]it can on the subject before beginning. Postal codes are common appendages,
	[03:00]so they're tested.
	[03:02]It also tests names and addresses from the address book, meaningful dates,
	[03:09]and any other personal information.
	[03:12]If it can, the guesser indexes the target hard drive
	[03:16]and creates a dictionary out of every printable string,
	[03:21]including deleted files. If you ever kept an email with your password,
	[03:26]or saved it in an obscure file somewhere,
	[03:30]or if your program ever stored it in memory, this process will grab it.
	[03:35]And it will recover your password faster.
	[03:39]So if you want your password to be hard to guess,
	[03:42]you should choose something that this process will miss.
	[03:46]My advice is to take a sentence and turn it into a password.
	[03:51]Something like "This little piggy went to market" might become "tlpWENT2m".
	[04:01]That nine-character password won't be in anyone's dictionary.
	[04:06]Strong passwords can still fail because people are sloppy.
	[04:12]They write them on Post-it notes stuck to their monitors,
	[04:15]share them with friends, or choose the same passwords for multiple applications.
	[04:21]If you can't remember your passwords,
	[04:24]write them down and put the paper in your wallet. But just write the sentence,
	[04:30]or, better yet, a hint that will help you remember your sentence.