Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”

#1

In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.

Link: http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

:cool::cool:


#2

No wonder there are some companies that proclaim “no more passwords!” in their future ventures.


#3

Wow! One significant element there: the increasing “guesses per second” rate on modern hardware, GPU assisted, aided by the use of a weak hash function.

Second element: how good your password is. And realistically, a simple diceware can also be attacked by a compound wordlist; diceware with a couple of randomized capitals and symbols as well (where ANY letter in a word can be capitalized) adds a massive boost to attack resistance.


#4

The simplest way to increase brute-force attack time is password length.

You are better off with a simple password repeated ten times than a complex, short password. Pain in the rear though it may be to type.

redyellowblueredyellowblueredyellowblue

is much better than

r3dy3ll0wblu3

Length is important! :stuck_out_tongue:
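The two arithmetic views behind posts #3 and #4, as an added example that is not part of the thread or the Ars article: a naive brute-force keyspace (alphabet size to the power of length, which is what post #4's length argument measures) next to a "structured" keyspace that assumes the password is built from dictionary words, random capitalisation and a few symbol or rewrite rules (the diceware case from post #3). The guess rate of 10^9/s, the 10,000-word list, the 16 leet rewrite variants and the 7776-entry diceware list are all constructed assumptions for illustration; the sample passwords are modelled on the ones quoted in post #4.

```python
import math

# Constructed assumption for illustration: one billion guesses per second
# against a fast, unsalted hash. Not a figure taken from the thread.
GUESSES_PER_SECOND = 10**9
SECONDS_PER_YEAR = 365 * 24 * 3600


def bits(keyspace):
    """Size of a search space expressed in bits (log2)."""
    return math.log2(keyspace)


def brute_force_keyspace(length, alphabet_size):
    """Search space when nothing but the length and the character set is
    known and every string must be tried: alphabet_size ** length."""
    return alphabet_size ** length


def structured_keyspace(word_count, wordlist_size, caps_letters=0,
                        appended_symbols=0, symbol_alphabet=32, variants=1):
    """Search space when the password follows a known structure:
    word_count words from a list of wordlist_size entries, caps_letters
    letters each independently upper- or lower-case, appended_symbols
    symbols drawn from a symbol_alphabet-sized set, and `variants` fixed
    rewrite rules (e.g. a short list of leet substitutions) per candidate."""
    return (wordlist_size ** word_count
            * 2 ** caps_letters
            * symbol_alphabet ** appended_symbols
            * variants)


def years_to_exhaust(keyspace, rate=GUESSES_PER_SECOND):
    """Worst-case time to try the whole space at the given guess rate."""
    return keyspace / rate / SECONDS_PER_YEAR


def report(label, length, alphabet_size, structured):
    """Compare the naive brute-force view with the structured view."""
    naive = brute_force_keyspace(length, alphabet_size)
    return {
        "label": label,
        "brute_force_bits": round(bits(naive), 1),
        "brute_force_years": years_to_exhaust(naive),
        "structured_bits": round(bits(structured), 1),
        "structured_years": years_to_exhaust(structured),
    }


# Constructed sample passwords modelled on the ones quoted in the thread.
EXAMPLES = [
    # 39 lowercase letters, but really three common words repeated 3 times.
    # Structured model (assumption): 3 words from a 10,000-word list, with
    # the repetition treated as a known rule.
    report("redyellowblue x3", 39, 26, structured_keyspace(3, 10_000)),
    # 13 alphanumerics, but the same three words with a few leet rewrites
    # (assumed 16 rewrite variants per candidate).
    report("r3dy3ll0wblu3", 13, 36, structured_keyspace(3, 10_000, variants=16)),
    # Five diceware words (7776-word list), about 22 letters, all lowercase.
    report("diceware 5 words", 22, 26, structured_keyspace(5, 7776)),
    # Same five words, every letter independently upper/lower, 2 symbols appended.
    report("diceware 5 words + caps + 2 symbols", 24, 95,
           structured_keyspace(5, 7776, caps_letters=22, appended_symbols=2)),
]

if __name__ == "__main__":
    for r in EXAMPLES:
        print(f"{r['label']:<38} brute-force {r['brute_force_bits']:>6} bits "
              f"({r['brute_force_years']:.3g} y)   structured "
              f"{r['structured_bits']:>6} bits ({r['structured_years']:.3g} y)")
```

Read the two columns side by side: under pure brute force the 39-character repeated phrase is astronomically stronger than the 13-character leet string, exactly as post #4 says, but once the guesser models the password as "three common words plus a rule" both collapse to roughly 40 bits, which at the assumed rate is minutes, not years. The diceware rows show the opposite effect from post #3: random words keep their strength under the structured model, and independent capitalisation of every letter adds one bit per letter.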