Friday, February 19, 2016

Password cracking in the news...

We hear a lot these days about passwords being cracked after they are stolen from online sites.

What is stolen from those sites is usually an encrypted version of the password called a hash that looks something like this:


When the above hash is run through password cracking software, it easily yields the password:


Password hashes are also sometimes stolen when your computer becomes infected with malware.

Do you know which password, of the 2 below, is more secure against password cracking attempts?


If a bad guy stole the hashes for these two passwords and tried to brute force them, here’s how long it might take to crack them (assuming the bad guy had no hints):

Between 8 to 18 hours, faster if multiple computers were available

1.29 hundred trillion centuries

So, the correct answer is the LONG passphrase.
Fourteen characters or more is considered best.

Obviously, this example is a known song lyric, so someday it and others like it might ultimately be added as part of a cracking table. This has already happened to common phrases such as “Beam me up Scottie”. That’s why we changed one word’s spelling to add a little entropy. A better approach is to personalize your passphrase. An example: Welcome2BarbM’sHotelCalifornia

Other passphrase examples:

I really need a vacation and want to go 2 Barstow
My cat Max hates it 2 when I give him a bath

PS: These are examples only; Be sure and don’t use the exact passwords above.;)

No comments:

Post a Comment