Anatomy of a hack: How crackers ransack passwords like “qeadzcwrsfxv1331”



In March, readers followed along as Nate Anderson, Ars deputy editor and a self-admitted newbie to password cracking, downloaded a list of more than 16,000 cryptographically hashed passcodes. Within a few hours, he deciphered almost half of them. The moral of the story: if a reporter with zero training in the ancient art of password cracking can achieve such results, imagine what more seasoned attackers can do.




No wonder there are some companies that proclaim “no more passwords!” in their future ventures.


Wow! One significant element there, the increasing “guess per second” rate on modern hardware, GPU assisted, aided by the use of a weak hash function.

Second element: how good is your password? And realistically, a simple diceware can also be attacked by a compound wordlist; diceware with a couple of randomized capitals and symbols as well (where ANY letter in a word can be capitalized) adds a massive boost to attack resistance.


The simplest way to increase brute-force attack time is password length.

You are better off with a simple password repeated ten times than a complex, short password. Pain in the rear though it may be to type.


is much better than


Length is important! 😛