Russia Defence Forum

Would you like to react to this message? Create an account in a few clicks or log in to continue.

Military Forum for Russian and Global Defence Issues


    Password security

    JohninMK
    JohninMK

    Posts : 8778
    Points : 8873
    Join date : 2015-06-16
    Location : England

    Password security Empty Password security

    Post  JohninMK Mon Mar 01, 2021 10:56 pm

    Ever wondered how easy it is to crack your password? Sobering and much quicker than a few years ago.

    Password security Ega0BNUWAAAVdg0?format=jpg&name=small
    kvs
    kvs

    Posts : 9482
    Points : 9625
    Join date : 2014-09-11
    Location : Canuckistan

    Password security Empty Re: Password security

    Post  kvs Mon Mar 01, 2021 11:02 pm

    Maybe some web site passwords. The Unix systems I use either lock me out after three failed tries (of my own account) or increase
    the time between issuing the password prompt. So this graphic is basically meaningless. And I am going to ignore stupid
    passwords like "password" or "123456" since most serious systems don't allow such passwords anyway and anyone using them
    is bending over and waiting to take it. Long and hard.

    GarryB
    GarryB

    Posts : 28962
    Points : 29492
    Join date : 2010-03-30
    Location : New Zealand

    Password security Empty Re: Password security

    Post  GarryB Tue Mar 02, 2021 7:27 am

    Ironically the systems that require regular pass word changes and demand old passwords are not reused can be the least secure because your average user is simply going to write down their current password and tape it to the bottom of their keyboard.

    There is a programme called OphCrack or something that is on a liveCD that has linux installed... basically you put the CD in to your computer and change the boot options to boot from the CD or DVD instead of the hard drive and it installs a live version of linux and runs the cracking software.


    The purpose is to recover passwords from a computer running XP... have used it a few times for friends to recover forgotten passwords.

    With windows 98 it was trival... the user passwords were stored in a file called username.psw It was encrypted so you couldn't read it to find their password, but just delete the files or move them onto a floppy drive and the system would boot up as any user without asking for passwords.

    As you get older of course PIN numbers become a nightmare.... especially the ones you don't use all the time...
    ahmedfire
    ahmedfire

    Posts : 1578
    Points : 1752
    Join date : 2010-11-11
    Location : The Land Of Pharaohs

    Password security Empty Re: Password security

    Post  ahmedfire Wed Mar 03, 2021 7:26 pm

    Most hackers trying thousands of different accounts with the most common passwords.

    The other way is by getting the actual password file and using a cracking program on it .

    Srong passwords should protect you from the guessing technique .
    JohninMK
    JohninMK

    Posts : 8778
    Points : 8873
    Join date : 2015-06-16
    Location : England

    Password security Empty Re: Password security

    Post  JohninMK Wed Mar 03, 2021 8:59 pm

    kvs wrote:Maybe some web site passwords.   The Unix systems I use either lock me out after three failed tries (of my own account) or increase
    the time between issuing the password prompt.    So this graphic is basically meaningless.    And I am going to ignore stupid
    passwords like "password" or "123456" since most serious systems don't allow such passwords anyway and anyone using them
    is bending over and waiting to take it.   Long and hard.


    Valid points.

    I really just put it up to show the big difference a couple more letters/numbers can make. Or for example instead of an o use 0/@ or i use 1 etc

    Or how about a standard start and a unique finish like (I never use this) J0hn1nMK@RDF J0hn1nMK@Ebay etc
    GarryB
    GarryB

    Posts : 28962
    Points : 29492
    Join date : 2010-03-30
    Location : New Zealand

    Password security Empty Re: Password security

    Post  GarryB Thu Mar 04, 2021 3:35 am

    The key point however is that by adding letters adds 26 variations for each character in the password and differentiating between lower case and capitals doubles that in an english character set.

    Honestly the best password would be in Chinese because the number of variations is huge.

    Even just using numbers but using Hexadecimal numbers increases the variations... it is not complex.... it is like working out your chances of winning lotto.

    6 numbers between one and 40, so the chance of getting the first number right is one in 40... so your options are 40, 39, 38, 37, 36, and 35, but it is not just a case of getting one right, you need to get them all right though they don't need to be in order, so the chances of getting that lotto win are 40 x 39 x 38 x 37 x 36 x 35...

    if you have a password that is 6 digits long and is a decimal number then that is 10 x 10 x 10 x 10 x 10 x 10, because you can choose 0-9 for each number... so the number of possible combinations is 10 ^ 6...

    By allowing (english) letters of either case that means 10 + 26, or 36 ^ 6, but having upper and lower case means 10 + (26 x 2) ^ 6.

    Increasing the key set or the number of characters in the password greatly increase the possible key combinations.

    Most 8 bit passwords have 256 combinations... based on the keyset of an 8 bit keyboard character set, but new keysets that have foreign characters can be 16 bit or 24 bit character sets.

    Another factor is that those cracking times are estimates and are generally based on the time it would take to go through the entire key set.... but it might get the password much quicker than that... it is like looking for something in an index... that speed is basically starting at the start of the index and going through one entry at a time to find something. If the password is Aardvark then it might get it very quickly.

    Adding AI neural networks to help can massively speed up the process.

    ahmedfire likes this post


    Sponsored content

    Password security Empty Re: Password security

    Post  Sponsored content


      Current date/time is Mon May 10, 2021 1:28 am