Let’s start with what role a password plays in security. Think of a database as the thing you want access to, like the contents of a safe. The encryption, or the access privileges, are the lock. The password is the key to that lock. If you have a really good password but bad encryption or weak user rights management, you can, in most cases, walk right around the security and access the desired data directly. I will talk more about this in other topics; for now let’s focus on passwords and the ways they are cracked.
Method One – Physical security. People are SNOOPY. Look out for people close enough to read your screen or see what you are typing. Basic, I know, but a very effective method of getting credentials.
Method Two – Social engineering. Another very effective way to get passwords: call the IT department of a company, claim to be a “BIG WIG’s” assistant, and say your boss needs remote access now for that big meeting.
Method Three – Software. Keyloggers would be the most effective software solution for getting credentials, with a high chance of success (that is, if you can get one onto the target computer).
Method Four – Trial and ERROR. That’s right, BRUTE FORCE, the one we need to worry about, because attackers now have SUPERCOMPUTER technology at their disposal. They can bring parallel computing to bear at ridiculous scales thanks to GPU cards.
So let’s look at method four. Brute force is just what it sounds like: you try every combination, or a list of combinations, until you find the right string of characters.
HARDWARE
Some of the GPU-based “home setups” I have seen range from high-end gamer systems to 5 SLI TITANS hashing at a rate of 350 BILLION, with a “B”, password combinations PER SECOND! Let’s use this 350 billion number as your most likely attacker scenario. Most people with actual supercomputers don’t go around cracking passwords (unless you’re the US government).
THE MATH
Let’s start small: an 8 char password, all lowercase letters: abcdefgh
This password was made from a pool of 26 characters, so the number of possible combinations is:
26 possible characters, 8 characters long; to calculate that, it is 26 to the power of 8
26^8
377,801,998,336
Impressive number, right? Remember, those five Titans would knock this out in 1.079 seconds.
Let’s go a little bigger: 12 char, all lowercase letters, that’s: abcdefghijkl
26^12
95,428,956,661,682,176
That’s a little better: 272654.16 seconds, or 75 hours, to crack with 5 Titans.
All we did was add 4 characters to the length.
The number of possible combinations is the size of your character pool raised to the power of the password length, so it grows fast with every character you add.
Now let’s expand our pool.
We will use all 94 characters on the US keyboard, 12 characters long.
Abcedfgh12@#
94^12
475,920,314,814,253,376,475,136
Now we’re talking: 15,091,334,183,607,730 YEARS with those Titans.
But you’re saying, “THAT’S NOT GOOD ENOUGH, I have to hide my stuff from Uncle SAM!”.
I’ve been there, so here we go.
You want a super secure, UN-crackable password? Simple:
“MAKE THEM LONG, MAKE THEM STRONG”
How to make your passwords stronger than anyone else’s:
Step one: NO WORDS
Step two: do not use variants of other passwords you use
Step three: do not use dates
Step four: use all of the character length available to you
Step five: expand your pool. If 94 characters aren’t enough, use the full Unicode chart: 65,536 characters.
To use Unicode from your keyboard, hold the ALT key, then use the numeric keypad to enter the character code for the one you want.
ALT+01478 will give you Æ
Abcdefgh12@Æ
65,536^12
6,277,101,735,386,680,763,835,789,423,207,700,000,000,000,000,000,000,000,000
POSSIBLE COMBINATIONS.
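As an added example (not code from the original post), here is a small Python script that carries THE MATH section and the Unicode step above through for any password: it estimates the character pool the way this post counts it (26 lowercase, 94 for the full US keyboard, 65,536 for the Unicode chart), raises the pool to the length, and divides by the 350 billion guesses per second the post assumes for the attacker. The class-based pool estimate and the seconds-per-year conversion are my assumptions.

```python
import string

# Attacker rate the post uses: 350 billion guesses per second (5 SLI Titans).
GUESSES_PER_SECOND = 350_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year

# Character classes and the pool size each adds: 26+26+10+32 = 94, the
# printable US keyboard characters the post counts.
CLASSES = (
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation), 32),
)

def pool_size(password: str) -> int:
    """Pool an attacker must search (assumption): add each class used;
    any non-ASCII char bumps the pool to the 65,536-char Unicode chart."""
    if any(ord(c) > 127 for c in password):
        return 65536
    return sum(size for chars, size in CLASSES if any(c in chars for c in password))

def keyspace(pool: int, length: int) -> int:
    """Possible combinations: pool to the power of length (26^8, 94^12, ...)."""
    return pool ** length

def seconds_to_exhaust(combos: int, rate: int = GUESSES_PER_SECOND) -> float:
    """Worst case: time to try every combination at the given rate.
    A random password is found after about half that on average."""
    return combos / rate

def describe(password: str) -> dict:
    """Pool, keyspace and worst-case crack time for one password."""
    pool = pool_size(password)
    combos = keyspace(pool, len(password))
    secs = seconds_to_exhaust(combos)
    return {"pool": pool, "length": len(password), "combinations": combos,
            "seconds": secs, "years": secs / SECONDS_PER_YEAR}

if __name__ == "__main__":
    # The sample passwords this post walks through.
    for pw in ("abcdefgh", "abcdefghijkl", "Abcedfgh12@#", "Abcdefgh12@\u00c6"):
        d = describe(pw)
        print(f"{pw!r}: pool={d['pool']} combinations={d['combinations']:,} "
              f"time={d['seconds']:,.2f}s ({d['years']:,.0f} years)")
```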
If you like this, let me know: like, comment.
If you have some suggestions, let me know.
Try some password checkers for fun and see how your password holds up, for example the Kaspersky password check.