Ever wondered how easy it is to crack your password? Sobering and much quicker than a few years ago.
Password security
JohninMK- Posts : 15656
Points : 15797
Join date : 2015-06-16
Location : England
- Post n°1
Password security
kvs- Posts : 15861
Points : 15996
Join date : 2014-09-11
Location : Turdope's Kanada
- Post n°2
Re: Password security
Maybe some web site passwords. The Unix systems I use either lock me out after three failed tries (of my own account) or increase
the time between issuing the password prompt. So this graphic is basically meaningless. And I am going to ignore stupid
passwords like "password" or "123456" since most serious systems don't allow such passwords anyway and anyone using them
is bending over and waiting to take it. Long and hard.
GarryB- Posts : 40557
Points : 41059
Join date : 2010-03-30
Location : New Zealand
- Post n°3
Re: Password security
Ironically the systems that require regular password changes and demand old passwords are not reused can be the least secure because your average user is simply going to write down their current password and tape it to the bottom of their keyboard.
There is a programme called OphCrack or something that is on a liveCD that has Linux installed... basically you put the CD into your computer and change the boot options to boot from the CD or DVD instead of the hard drive and it installs a live version of Linux and runs the cracking software.
The purpose is to recover passwords from a computer running XP... have used it a few times for friends to recover forgotten passwords.
With Windows 98 it was trivial... the user passwords were stored in a file called username.psw. It was encrypted so you couldn't read it to find their password, but just delete the files or move them onto a floppy drive and the system would boot up as any user without asking for passwords.
As you get older of course PIN numbers become a nightmare.... especially the ones you don't use all the time...
ahmedfire- Posts : 2366
Points : 2548
Join date : 2010-11-11
Location : The Land Of Pharaohs
- Post n°4
Re: Password security
Most hackers try thousands of different accounts with the most common passwords.
The other way is by getting the actual password file and using a cracking program on it.
Strong passwords should protect you from the guessing technique.
JohninMK- Posts : 15656
Points : 15797
Join date : 2015-06-16
Location : England
- Post n°5
Re: Password security
kvs wrote: Maybe some web site passwords. The Unix systems I use either lock me out after three failed tries (of my own account) or increase
the time between issuing the password prompt. So this graphic is basically meaningless. And I am going to ignore stupid
passwords like "password" or "123456" since most serious systems don't allow such passwords anyway and anyone using them
is bending over and waiting to take it. Long and hard.
Valid points.
I really just put it up to show the big difference a couple more letters/numbers can make. Or, for example, instead of an o use 0/@, or for i use 1, etc.
Or how about a standard start and a unique finish like (I never use this) J0hn1nMK@RDF, J0hn1nMK@Ebay, etc.
GarryB- Posts : 40557
Points : 41059
Join date : 2010-03-30
Location : New Zealand
- Post n°6
Re: Password security
The key point however is that adding letters adds 26 variations for each character in the password and differentiating between lower case and capitals doubles that in an English character set.
Honestly the best password would be in Chinese because the number of variations is huge.
Even just using numbers but using Hexadecimal numbers increases the variations... it is not complex.... it is like working out your chances of winning lotto.
6 numbers between one and 40, so the chance of getting the first number right is one in 40... so your options are 40, 39, 38, 37, 36, and 35, but it is not just a case of getting one right, you need to get them all right though they don't need to be in order, so the chances of getting that lotto win are 40 x 39 x 38 x 37 x 36 x 35...
If you have a password that is 6 digits long and is a decimal number then that is 10 x 10 x 10 x 10 x 10 x 10, because you can choose 0-9 for each number... so the number of possible combinations is 10 ^ 6...
By allowing (English) letters of either case that means 10 + 26, or 36 ^ 6, but having upper and lower case means 10 + (26 x 2) ^ 6.
Increasing the key set or the number of characters in the password greatly increases the possible key combinations.
Most 8 bit passwords have 256 combinations... based on the keyset of an 8 bit keyboard character set, but new keysets that have foreign characters can be 16 bit or 24 bit character sets.
Another factor is that those cracking times are estimates and are generally based on the time it would take to go through the entire key set.... but it might get the password much quicker than that... it is like looking for something in an index... that speed is basically starting at the start of the index and going through one entry at a time to find something. If the password is Aardvark then it might get it very quickly.
Adding AI neural networks to help can massively speed up the process.
ahmedfire likes this post
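Added example, not part of any post in this thread: a small password-acceptance check combining the two ideas discussed above, the exhaustive keyspace (pool size to the power of length) and a deny-list of common passwords that still matches after simple substitutions such as 0 or @ for o are undone. The deny-list contents, the extra substitutions, the 50-bit threshold and the ASCII-only character pools are assumptions made for the illustration.

```python
import math
import string

# Constructed sample deny-list; a real check would load a large breached-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "aardvark"}
# Substitutions named in the thread (0 for o, 1 for i) plus a few assumed ones.
BASE = {"0": "o", "1": "i", "3": "e", "$": "s", "5": "s"}
POOLS = [string.digits, string.ascii_lowercase,
         string.ascii_uppercase, string.punctuation]

def alphabet_size(pw):
    """Combined size of the ASCII pools (10, 26, 26, 32) that pw draws from."""
    if not pw or any(not any(c in p for p in POOLS) for c in pw):
        raise ValueError("empty, or contains characters outside the ASCII pools")
    return sum(len(p) for p in POOLS if any(c in p for c in pw))

def keyspace(pw):
    """Candidates an exhaustive search over that pool and length has to cover."""
    return alphabet_size(pw) ** len(pw)

def variants(pw):
    """Lower-cased forms with substitutions undone; '@' is tried as both o and a."""
    low = pw.lower()
    return {low.translate(str.maketrans({**BASE, "@": at})) for at in ("o", "a")}

def check(pw, min_bits=50):
    """Return (accepted, reason, bits), where bits = log2(keyspace)."""
    bits = math.log2(keyspace(pw))
    # The deny-list is checked first: a listed password is among the first
    # guesses made, so its nominal keyspace says nothing about its strength.
    if variants(pw) & COMMON:
        return (False, "common password after undoing substitutions", bits)
    if bits < min_bits:
        return (False, "keyspace too small", bits)
    return (True, "ok", bits)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("123456", "abc123", "Passw0rd", "P@ssw0rd", "tR7#kq9Lw2!x"):
        ok, reason, bits = check(pw)
        print(f"{pw!r:16} pool={alphabet_size(pw):3} bits={bits:5.1f} "
              f"{'accept' if ok else 'reject'}: {reason}")
```
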