Let’s start with what role a password plays in security. Think of the data you want to protect, say a database, as the contents of a safe. The encryption or access controls around it are the lock, and the password is the key to that lock. A very good key does nothing for you if the lock is bad: with weak encryption or sloppy user rights management an attacker can, in most cases, walk right around the password and read the data directly. I will cover that in other posts; for now let’s focus on passwords and the ways they are cracked.

Method One – Physical security. People are SNOOPY. Watch out for anyone close enough to read your screen or see what you type (shoulder surfing). Basic, I know, but a very effective way of getting credentials.

Method Two – Social engineering. Another very effective way to get passwords: call the IT department of a company, claim to be a “BIG WIG’s” assistant, and explain that your boss needs remote access right now for that big meeting.

Method Three – Software. A keylogger is the most effective software route to credentials and has a high chance of success, if you can get it onto the target computer.

Method Four – Trial and ERROR. That’s right, BRUTE FORCE, and it is the one we need to worry about, because attackers now have supercomputer-class hardware at their disposal. Thanks to GPU cards they can bring massively parallel computing to bear at ridiculous scale.


So let’s look at method four. Brute force is exactly what it sounds like: you try every possible combination, or every entry in a list, until you hit the right string of characters. In practice attackers start with wordlists plus mangling rules (append digits, swap letters for symbols) and only fall back on exhaustive search for short keyspaces, so the math below is an upper bound on how long a password survives, not a guarantee.


HARDWARE

Some of the GPU-based “home setups” I have seen range from high-end gamer systems to 5 SLI TITANS hashing at a rate of 350 BILLION, with a “B”, password guesses PER SECOND! Let’s use this 350 billion figure as your most likely attacker scenario; most people with actual supercomputers don’t go around cracking passwords (unless you’re the US government). One caveat: a rate like that is only possible against a fast, unsalted hash such as NTLM or MD5. A deliberately slow password hash (bcrypt, scrypt, PBKDF2 with a high iteration count) cuts the guess rate by several orders of magnitude, so the hash the defender chose matters as much as the password does.


THE MATH

Let’s start small: an 8-character password, all lowercase letters: abcdefgh

This password was made from a pool of 26 characters, so the number of possible combinations is:

                  26 possible characters, 8 characters long; to calculate that, it is 26 to the power of 8

26^8

208,827,064,576

Impressive number, right? Remember those five Titans would knock this out in about 0.6 seconds (and on average they hit the right one halfway through the search).

Let’s go a little bigger: 12 characters, all lowercase letters: abcdefghijkl

26^12

95,428,956,661,682,176

That’s a little better: 272,654 seconds, or about 76 hours, to exhaust with 5 Titans.

All we did was add 4 characters to the length.

The number of possible combinations is the pool size raised to the power of the length, so every extra character multiplies the keyspace by the whole pool (26 here).

Now lets expand our pool.

We will use all 94 printable characters on the US keyboard, 12 characters long.

Abcdefgh12@#

94^12

475,920,314,814,253,376,475,136

Now we’re talking: about 43,000 YEARS to exhaust with those Titans (roughly half that on average).
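Here is the math above as a small calculator (an added example, not part of the original post). It reproduces the keyspaces and times at the 350 billion guesses per second figure, adds the average-case and bits-of-entropy view, and answers the reverse question: how long a password has to be to survive a given number of years. The SLOW_HASH_RATE value is an assumed figure for a deliberately slow hash, not a measurement.

```python
# Added example (not from the original post): brute-force keyspace maths.
# POST_RATE is the post's figure; SLOW_HASH_RATE is an assumed value for a
# deliberately slow password hash, used only to show that the hash sets the rate.
from math import log2

SECONDS_PER_YEAR = 365.25 * 24 * 3600
POST_RATE = 350e9        # guesses per second, from the post
SLOW_HASH_RATE = 1e5     # hypothetical rate against a slow hash (assumption)


def keyspace(pool: int, length: int) -> int:
    """Number of candidates: `pool` symbols, `length` positions."""
    return pool ** length


def entropy_bits(pool: int, length: int) -> float:
    """Same quantity on a log scale: bits an attacker must search."""
    return length * log2(pool)


def seconds_to_exhaust(pool: int, length: int, rate: float = POST_RATE) -> float:
    """Worst case, every candidate tried; the expected time is half of this."""
    return keyspace(pool, length) / rate


def min_length(pool: int, rate: float, years: float) -> int:
    """Shortest length whose exhaustive search takes more than `years` at `rate`."""
    target = years * SECONDS_PER_YEAR * rate   # guesses the attacker can afford
    n = 1
    while keyspace(pool, n) <= target:
        n += 1
    return n


def human_duration(seconds: float) -> str:
    """Render seconds in the largest convenient unit."""
    for unit, size in (("years", SECONDS_PER_YEAR), ("days", 86400),
                       ("h", 3600), ("min", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3g} s"


def report(pool: int, length: int, rate: float = POST_RATE) -> dict:
    """Keyspace, entropy, and worst/average cracking time for one password shape."""
    worst = seconds_to_exhaust(pool, length, rate)
    return {
        "keyspace": keyspace(pool, length),
        "bits": round(entropy_bits(pool, length), 1),
        "worst_case": human_duration(worst),
        "average": human_duration(worst / 2),
    }


if __name__ == "__main__":
    # The post's four cases, plus the 12-lowercase password behind a slow hash.
    for pool, length, rate in ((26, 8, POST_RATE), (26, 12, POST_RATE),
                               (94, 12, POST_RATE), (65_536, 12, POST_RATE),
                               (26, 12, SLOW_HASH_RATE)):
        print(f"{pool:>6}^{length} @ {rate:.0e}/s: {report(pool, length, rate)}")
    print("lowercase length for >100 years:", min_length(26, POST_RATE, 100))
    print("94-char length for >100 years:  ", min_length(94, POST_RATE, 100))
```

Running it shows the two levers side by side: at the post’s rate a lowercase password needs 15 characters to outlast a century of exhaustive search, a 94-character pool needs 11, and the same 12 lowercase letters that fall in three days against a fast hash take tens of thousands of years against the assumed slow one.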


But you’re saying “THAT’S NOT GOOD ENOUGH, I have to hide my stuff from Uncle SAM!”.

I’ve been there, so here we go.

You want a super secure, uncrackable password? Simple:

“MAKE THEM LONG, MAKE THEM STRONG”


How to make your passwords stronger than anyone else’s:

Step one: NO WORDS (and no 1337-speak disguises of words; cracking rules undo those substitutions)

Step two: do not use variants of other passwords you use

Step three: do not use dates

Step four: use all of the character length available to you

Step five: expand your pool. If 94 characters aren’t enough, reach beyond the keyboard.

The Basic Multilingual Plane of Unicode alone holds 65,536 code points (Unicode as a whole has far more).

On Windows you can type such a character by holding the ALT key and entering its decimal code on the numeric keypad.

ALT+0198 will give you Æ. ALT+01478 produces it too, but only because Windows reduces the number modulo 256 (1478 mod 256 = 198); plain Alt codes reach one 256-entry code page (Windows-1252 on a US system), not the whole Unicode range.

Abcdefgh12@Æ

65,536^12

6,277,101,735,386,680,763,835,789,423,207,666,416,102,355,444,464,034,512,896

POSSIBLE COMBINATIONS.

Two cautions before you do this. An attacker models the pool you actually draw from, so one Æ tacked onto eleven keyboard characters does not multiply the search by 65,536 per position; the figure above assumes every position is drawn from the full pool. And many login prompts, mobile keyboards and legacy systems mangle or reject non-ASCII characters, so test that you can still log in everywhere before you commit to one.
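The five steps as a checker (an added example, not from the original post). The wordlist and the “previous passwords” passed in are constructed sample data; a real deployment would load a full dictionary and the user’s password history. The leet-speak table, the date patterns, and the choice to treat any non-ASCII character as the 65,536-character pool from Step five are all assumptions made for illustration.

```python
# Added example (not from the original post): a checker for the five steps.
# SAMPLE_WORDS and the previous passwords passed in are constructed test data;
# the leet table, the date patterns and the 65,536 non-ASCII pool are assumptions.
import re
from math import log2

SAMPLE_WORDS = {"password", "summer", "dragon", "welcome", "admin",
                "monkey", "letmein", "qwerty", "secret"}

# Undo the usual letter-for-symbol swaps so "Summ3r" still trips the word check.
LEET = str.maketrans("4301$5@7!", "aeoissati")

# The 32 ASCII punctuation characters: with 26 + 26 + 10 they make the post's 94.
PUNCT = set("!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~")

YEAR_RE = re.compile(r"(19|20)\d{2}")
# Heuristic day/month/year in either order, separators optional: 12/25/99, 25121999.
DATE_RE = re.compile(r"(0?[1-9]|[12]\d|3[01])[/.\-]?(0?[1-9]|[12]\d|3[01])[/.\-]?(\d{4}|\d{2})")


def core_letters(pw: str) -> str:
    """Lower-case, undo leet substitutions, keep letters only."""
    return "".join(c for c in pw.lower().translate(LEET) if c.isalpha())


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, iterative two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def pool_size(pw: str) -> int:
    """Size of the union of character classes the password actually uses."""
    if any(ord(c) > 127 for c in pw):
        return 65_536            # the post's model for non-ASCII (optimistic; assumption)
    pool = 0
    if any(c.islower() for c in pw):
        pool += 26
    if any(c.isupper() for c in pw):
        pool += 26
    if any(c.isdigit() for c in pw):
        pool += 10
    if any(c in PUNCT for c in pw):
        pool += 32
    return pool


def audit(pw: str, previous=(), max_length: int = 16) -> dict:
    """Apply the five steps; return findings plus pool size and entropy bits."""
    findings = []
    core = core_letters(pw)
    for word in sorted(SAMPLE_WORDS):                      # step one: no words
        if word in core:
            findings.append(f"step1: contains word '{word}'")
    for old in previous:                                   # step two: no variants
        if core_letters(old) == core or edit_distance(pw, old) <= 2:
            findings.append("step2: variant of a previous password")
            break
    if YEAR_RE.search(pw) or DATE_RE.search(pw):           # step three: no dates
        findings.append("step3: contains a date or year")
    if len(pw) < max_length:                               # step four: full length
        findings.append(f"step4: only {len(pw)} of {max_length} characters used")
    pool = pool_size(pw)                                   # step five: wide pool
    if pool < 94:
        findings.append(f"step5: pool is only {pool} characters")
    bits = round(len(pw) * log2(pool), 1) if pool else 0.0
    return {"findings": findings, "pool": pool, "bits": bits}


if __name__ == "__main__":
    for pw, prev in (("Summer2019!", ["Summer2018!"]), ("Abcdefgh12@Æ", []), ("dr4g0n", [])):
        print(pw, audit(pw, prev, max_length=12))
```

“Summer2019!” trips four of the five rules at once (a word, a one-character variant of last year’s password, a year, and unused length), while the post’s Abcdefgh12@Æ passes all five at a 12-character limit; the word check still catches “dr4g0n” because the substitutions are undone before the dictionary lookup.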


If you like this, let me know: like, comment.

If you have suggestions, let me know.

Try some password checkers for fun and see how your password holds up, e.g. the Kaspersky password check. Just don’t type a password you actually use into an online checker; test a look-alike built the same way.