Wednesday, October 11, 2006

CRACKING PASSWORDS – EASIER THAN YOU THINK

Passwords and PINs are our primary defense for protecting our security, both on personal systems and in commerce. Unfortunately, breaking these codes is easy. There are three common techniques for breaking your password and stealing your information or commercial accounts.

Dictionary or Brute Force attacks – these attacks use word frequency dictionaries and simply submit one common word after another until the logon is accepted. In the early 70s, when this author was a young programmer, my password was “dog”. Today’s powerful servers and PCs would have cracked open my old accounts in less than a second.

Rainbow Table attacks – these attacks use a technique that constructs chains of possible passwords. Each chain contains randomly selected “guesses” of passwords and then successively applies a hashing technique and a reduction function to search for a valid password. Failed password guesses are discarded and new random guesses constructed through the creation of a “rainbow table”. This table takes time and memory to build, but it needs to be built only once, at which point it can very quickly recover unknown passwords.

With the growth of on-line accounts we are all having trouble remembering passwords. The most common call to help desks is for forgotten passwords. Therefore we tend to fall into an all too common trap – we create a basic, easily remembered, short password and we use it for many accounts. The easily remembered password is usually a common English language word or a variant on that word. We all know the need for adding special characters, but few of us do so. Your keyboard has 64 characters on it and another 104 non-alpha-numerics. Both of the above techniques will search the character strings first. By including many of the other 104 keyboard elements you make these techniques much more complex and more time-consuming.

Here are some poor passwords, easy to remember but easily cracked.

  • alphabeta
  • abouttown
  • speedlimit

Here are some passwords that are far more difficult to crack, but probably more difficult to remember.

  • $,H&aNlo*>>
  • M#ar”tin
  • Over64$easy^^TOn(=12
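
The difference between the two lists can be measured. The following is an added example, not part of the original post: a password-audit check that scores a password by the cheaper of two guessing models, dictionary-word combinations or exhaustive search over the character classes it uses. The word list, the 100,000-word dictionary size and the use of Python's ASCII character classes are assumptions made for illustration.

```python
import math
import string

# Constructed sample word list (assumption). A real audit would load a large
# frequency dictionary like the ones dictionary attacks use.
WORDS = {"alpha", "beta", "about", "town", "speed", "limit", "dog"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def split_into_words(password, words=WORDS):
    """Return the fewest dictionary words that spell the password, or None."""
    pw = password.lower()  # guessing tools try case variants, so ignore case
    best = [None] * (len(pw) + 1)  # best[i]: shortest word list spelling pw[:i]
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + [pw[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(pw)]


def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes (space, curly quotes, ...)
    # are counted individually, which is a lower bound.
    return size + len({ch for ch in password
                       if not any(ch in c for c in CLASSES)})


def guess_bits(password, dictionary_size=100_000):
    """log2 of worst-case guesses under the cheaper of the two attack models.

    dictionary_size is a hypothetical figure for the attacker's word list.
    """
    if not password:
        return 0.0
    brute = len(password) * math.log2(charset_size(password))
    parts = split_into_words(password)
    if parts is None:
        return brute
    return min(brute, len(parts) * math.log2(dictionary_size))


if __name__ == "__main__":
    for pw in ("alphabeta", "abouttown", "speedlimit",
               "$,H&aNlo*>>", "Over64$easy^^TOn(=12"):
        print(f"{pw!r:26} {guess_bits(pw):6.1f} bits  {split_into_words(pw)}")
```

Under these assumptions each two-word password scores about 33 bits, while the 11-character mixed-class password scores about 70 bits.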

1 Comments:

At 9:16 AM, Anonymous Anonymous said...

Keep on posting useful information!!! Here's my share: Stop Identity Thieves Cold! Put a Credit Freeze On Your Credit Report. Hope you find it helpful too! Have a great day!
