Wednesday, November 17, 2010

Password protection? Forget it.

When we choose passwords, we sometimes err and create an easy-to-guess password, such as our spouse's first name. In this world of social media connections, that isn't a wise move any more, so we try to come up with more complex passwords.

Just remember one thing - just about any password that you create can be cracked, if someone can get access to the password hash file.

Previously, computing time was a barrier that kept passwords somewhat protected, but technological innovation coupled with hardware advances has removed that protection. As The Register put it:

After optimising its rainbow tables of password hashes to make use of SSDs Swiss security firm Objectif Sécurité was able to crack 14-digit WinXP passwords with special characters in just 5.3 seconds.

Here, "rainbow tables" are the precomputed tables of password hashes that Objectif Sécurité uses, and the acronym "SSD" stands for "solid state disk."

Do you want to try it out with a Windows XP password? Go to the bottom of this page at the Objectif Sécurité web site and enter the hashed data.

The demo cracks passwords made of 52 mixed case letters, 10 numbers and 33 special characters of length up to 14....

Dan Dieterle tried it, and here is one of his results:

Hash: ac93c8016d14e75a2e9b76bb9e8c2bb6:8516cd0838d1a4dfd1ac3e8eb9811350
Password: (689!!!<>”QTHp
Time: 8 Seconds

Yes. If you're using the password (689!!!<>”QTHp, it can be cracked in seconds.
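A defender can check which accounts in an exported hash list still carry a legacy LM hash in the two-field format shown above. This is an added example, not code from the original post or from Objectif Sécurité. It assumes the first field is the LM hash and the second the NT hash (the usual order in pwdump-style output), and the account names and all sample rows except the page's hash pair are constructed.

```python
import re

# Well-known constants: the LM and NT hashes of an empty password.
EMPTY_LM = "aad3b435b51404eeaad3b435b51404ee"
EMPTY_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"
EMPTY_LM_HALF = EMPTY_LM[:16]  # LM hashes each 7-character half separately
PAIR = re.compile(r"^([0-9a-f]{32}):([0-9a-f]{32})$")


def audit_pair(pair):
    """Classify one LM:NT pair; returns a list of findings (empty = nothing to flag)."""
    m = PAIR.match(pair.strip().lower())
    if not m:
        raise ValueError("expected two 32-hex-digit fields separated by ':'")
    lm, nt = m.groups()
    findings = []
    if nt == EMPTY_NT:
        findings.append("blank password")
    if lm == EMPTY_LM:
        return findings  # LM storage disabled, or password longer than 14 characters
    findings.append("LM hash stored")
    if lm[16:] == EMPTY_LM_HALF:
        findings.append("password is 7 characters or fewer")
    return findings


def audit_dump(lines):
    """Map account name -> findings for constructed 'name:LM:NT' lines."""
    report = {}
    for line in lines:
        name, _, pair = line.strip().partition(":")
        report[name] = audit_pair(pair)
    return report


# Constructed sample input. Only the first hash pair is from the page;
# the account names and the other rows are made up for this example.
SAMPLE = [
    "alice:ac93c8016d14e75a2e9b76bb9e8c2bb6:8516cd0838d1a4dfd1ac3e8eb9811350",
    "bob:aad3b435b51404eeaad3b435b51404ee:8516cd0838d1a4dfd1ac3e8eb9811350",
    "guest:aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0",
    "carol:0123456789abcdefaad3b435b51404ee:8516cd0838d1a4dfd1ac3e8eb9811350",
]

if __name__ == "__main__":
    for account, findings in audit_dump(SAMPLE).items():
        print(account, findings or ["no LM hash stored"])
```
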

(H/T Biometrics4You.)
