Wednesday, November 12, 2008

Tip Of The Week : Why a Complex Password?

Because the more complex a password is, the harder it is to crack, and the harder it is to crack, the less likely you are to be hacked.

For more info, see below. :)

Interesting article on password strengths and time to crack.
http://www.lockdown.co.uk/?pg=combi&s=articles

When I worked as a network admin, I ran quarterly crack attempts against the server database. I had the inside edge of direct access to the server's password file. On average, I cracked 80-90% of the 150 accounts overnight on each attempt. They used standard mixes of complexity and length. I usually had a dozen within minutes.

Today's complex cracking software uses combinations of brute force, dictionary attacks, and table lookups, which cut the time down incredibly.

From one program's readme: "A traditional brute force cracker try all possible plain texts one by one in cracking time. It is time consuming to break complex password in this way. The idea of time-memory trade-off is to do all cracking time computation in advance and store the result in files so called 'rainbow table'. It does take a long time to pre-compute the tables. But once the one time pre-computation is finished, a time-memory trade-off cracker can be hundreds of times faster than a brute force cracker, with the help of precomputed tables."
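To make the readme's point concrete, here is an added example (not from the original post or from the program it quotes) that compares hashing at cracking time with a precomputed lookup, and shows why a per-account salt makes the precomputed table useless. It uses a plain hash-to-plaintext dictionary, the simplest form of precomputation, rather than real rainbow-table chains; the candidate list, function names and the choice of SHA-256 and PBKDF2 are assumptions made for illustration.

```python
import hashlib
import os

# Constructed sample data: a tiny stand-in for the space of candidate passwords.
CANDIDATES = ["password", "letmein", "qwerty", "Summer2008", "dragon"]

def fast_hash(password: str) -> str:
    """Unsalted, single-pass hash: the kind of storage precomputed tables target."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password: str, salt: bytes) -> str:
    """Per-account random salt plus a deliberately slow KDF (PBKDF2)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()

def brute_force(stored: str, candidates):
    """Hash every candidate at cracking time; returns (plaintext, hashes computed)."""
    for count, guess in enumerate(candidates, start=1):
        if fast_hash(guess) == stored:
            return guess, count
    return None, len(candidates)

def precompute(candidates):
    """Pay the hashing cost once, up front; reusable against every unsalted hash."""
    return {fast_hash(p): p for p in candidates}

def audit(password: str, salt: bytes):
    """Check one password three ways and report what each approach recovers."""
    table = precompute(CANDIDATES)
    return {
        # Work is repeated for every target hash.
        "brute_force": brute_force(fast_hash(password), CANDIDATES),
        # A single dictionary lookup, no hashing at cracking time.
        "table_vs_unsalted": table.get(fast_hash(password)),
        # The salt changes the stored value, so the table has no matching entry.
        "table_vs_salted": table.get(salted_hash(password, salt)),
    }

if __name__ == "__main__":
    for name, result in audit("Summer2008", os.urandom(16)).items():
        print(f"{name}: {result}")
```

Because the salt differs per account, a table would have to be rebuilt for every account, which removes the advantage the readme describes.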



 
Copyright © 2009 Bob Hubbard. All rights reserved.