How do sequential letters affect password strength when encrypting files


#1

I was wondering about password construction. There seems to be something about not using any sequence of three letters or numbers in a password, like abc or 123.

I can see not using a sequence as the password, but what problem can there be using a sequence in a password like:

xYz123!!!

Is that insecure because of the sequences?


#2

You would probably get a better answer on a forum specialized in encryption, but here’s a couple of thoughts:

The “strength” can be considered as one of two things:

  1. How easy or hard it is mathematically to crack (guess) the password, given how the password is constructed.

  2. How easy or hard it is for a person or program to crack (guess) the password using knowledge of how people make up easy-to-remember passwords.

#1 would depend on the cryptographic algorithm, and I know far too little to comment on how sequential letters would impact the cryptographic strength of the password.

#2 is a bit easier: When people are asked or forced to use a mix of letters and numbers, many choose to simply put consecutive digits at the end of the password, e.g. xYz123. Knowing this, it’s almost as easy to crack the passwords xYz1, xYz12, xYz123, xYz1234 and so on, as it is to crack the three-letter password xYz - which is trivial to any brute-force password-cracking program.


#3

See http://www.microsoft.com/protect/fraud/passwords/create.aspx

Passwords that are made of sequentials can take far less time to decrypt because they can be re-generated using small formulas.

A nice trick to get easy-to-remember-but-very-strong-passwords is the shift your fingers trick.


#4

Looking at the Microsoft page you linked, I would comment that typing your password into an online password checker is really, really stupid, as you can never be sure if someone has created the password checker page just to collect passwords for later (mis)use. Microsoft really shouldn’t be encouraging this kind of stupid behaviour! :doh:


#5

[QUOTE=DrageMester;2542808]Looking at the Microsoft page you linked, I would comment that typing your password into an online password checker is really, really stupid, as you can never be sure if someone has created the password checker page just to collect passwords for later (mis)use. Microsoft really shouldn’t be encouraging this kind of stupid behaviour! :doh:[/QUOTE]

The entire checker is worthless. If I type 1234567890123456789012345678901234567890, it considers it as a very strong password. :slight_smile: BEST!


#6

[QUOTE=Mr. Belvedere;2542811]The entire checker is worthless. If I type 1234567890123456789012345678901234567890, it considers it as a very strong password. :slight_smile: BEST![/QUOTE]

And now I know which password you’re using on MyCE.com and MyLittlePinkPony.com so that I can hack into your accounts! :stuck_out_tongue:


#7

[QUOTE=DrageMester;2542818]And now I know which password you’re using on MyCE.com and MyLittlePinkPony.com so that I can hack into your accounts! :p[/QUOTE]

Stay off my My Little Pink Pony! :bigsmile:

Only three more months of combing her long lovely hair and I get a new sticker!


#8

[QUOTE=Mr. Belvedere;2542828]Stay off my My Little Pink Pony! :bigsmile:

Only three more months of combing her long lovely hair and I get a new sticker![/QUOTE]

lmao… :clap:


#9

[QUOTE=Mr. Belvedere;2542811]The entire checker is worthless. If I type 1234567890123456789012345678901234567890, it considers it as a very strong password. :slight_smile: BEST![/QUOTE]

The Microsoft checker is lacking. It gives no advice about the construction of the password. That is, it does not tell you why your password is good or bad. There are other checkers which give better feedback on your password construction so you can come up with a better one.

http://www.passwordmeter.com/

As far as typing the actual password you are planning on using into one of these things, that may be a bad idea. However, you can still use them to test your construction methods and get feedback on the passwords created. Then use the same method and construct a different one that you actually use.

Does anyone know of a good forum for this kind of question?


#10

In my opinion, the risk that someone is trying to gather passwords on “password checker” sites far outweighs any benefit you may get from such a program checking the strength of your password.

If you absolutely must use a program to check the strength of passwords, find a completely trusted password checker from a completely trusted source that can be downloaded and run from your own computer, but don’t get into the bad habit of posting your password to random Internet sites with password checkers!


#11

[QUOTE=DrageMester;2542784]You would probably get a better answer on a forum specialized in encryption, but here’s a couple of thoughts:
.[/QUOTE]

Does anyone know of a good forum for encryption?


#12

[QUOTE=Klawdek;2543091]Does anyone know of a good forum for encryption?[/QUOTE]

Just use Google. I love this story about a Brazilian banker’s hard drives encryption that the FBI couldn’t crack. Give it a read.


#13

abcd1234abcd1234abcd1234

according to http://www.passwordmeter.com/ rates 100%!
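
Added example (editor's illustration, not written by any poster in this thread and not the code of either checker mentioned): a small local scorer that compares the "alphabet size to the power of length" estimate simple meters use with an estimate that charges sequences, repeated characters and repeated blocks only for their start, direction and length. The cost model and all function names are assumptions made for this sketch; it runs offline, so nothing is typed into a web page.

```python
import math

POOLS = {"digit": 10, "lower": 26, "upper": 26, "symbol": 33}  # printable ASCII

def pool_size(pw):
    """Alphabet size a naive meter assumes: sum of the character classes present."""
    kinds = set()
    for c in pw:
        kinds.add("digit" if c.isdigit() else "lower" if c.islower()
                  else "upper" if c.isupper() else "symbol")
    return sum(POOLS[k] for k in kinds)

def naive_bits(pw):
    """log2(pool ** length): every character counted as independent."""
    return len(pw) * math.log2(pool_size(pw)) if pw else 0.0

def run_length(pw, i):
    """Length of the run at i with a constant step of +1, -1 or 0 ('123', 'cba', '!!!')."""
    if i + 1 >= len(pw) or ord(pw[i + 1]) - ord(pw[i]) not in (-1, 0, 1):
        return 1
    step, j = ord(pw[i + 1]) - ord(pw[i]), i + 1
    while j + 1 < len(pw) and ord(pw[j + 1]) - ord(pw[j]) == step:
        j += 1
    return j - i + 1

def pattern_bits(pw, pool=None):
    """Estimated cost when sequences and repeats are guessed before anything else."""
    pool = pool or pool_size(pw)
    # Whole password is one block repeated k times: pay for the block, then for k.
    for p in range(1, len(pw) // 2 + 1):
        if len(pw) % p == 0 and pw[:p] * (len(pw) // p) == pw:
            return pattern_bits(pw[:p], pool) + math.log2(len(pw) // p)
    bits, i = 0.0, 0
    while i < len(pw):
        n = run_length(pw, i)
        if n >= 3:   # a run costs: start character + step kind (3 choices) + length
            bits += math.log2(pool) + math.log2(3) + math.log2(n)
            i += n
        else:        # unpatterned character: full cost
            bits += math.log2(pool)
            i += 1
    return bits

if __name__ == "__main__":
    # Passwords quoted in the thread, plus one constructed string with no runs.
    for pw in ["xYz123!!!", "1234567890" * 4, "abcd1234" * 3, "q7#Lw2&Zp"]:
        print(f"{pw:42} naive={naive_bits(pw):6.1f}  pattern-aware={pattern_bits(pw):6.1f}")
```

Under this model each extra sequential digit appended to xYz123 adds well under one bit, while the naive estimate adds about six, which is why length-based meters rate the 40-digit and abcd1234 passwords so highly.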


#14

The basics are explained here: http://computer.howstuffworks.com/encryption.htm