NNSquad - Network Neutrality Squad
[ NNSquad ] Cracking tough passwords
Cracking tough passwords
Anatomy of a hack: How crackers ransack passwords like "qeadzcwrsfxv1331"
http://j.mp/ZpFVpH (ars technica)
"For Ars, three crackers have at 16,000+ hashed passcodes-with 90
percent success."
- - -
A few things to note here. First, longer passwords composed of
nonsense (no words!) alphanumeric sequences are still relatively
secure from this form of attack. Second, this attack requires direct
access to a ripped off hash password table -- it isn't practical via
normal login channels, and the encoding needs to have been done with a
weaker algorithm (by today's standards, anyway). And of course, if
you're using two-factor authentication properly (with a well
implemented two-factor system), the password won't do the attacker any
good anyway -- unless you've also used it on other systems that don't
have two-factor authentication, that is!
--Lauren--
Lauren Weinstein (lauren@vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- PRIVACY Forum: http://www.vortex.com/privacy-info
- Data Wisdom Explorers League: http://www.dwel.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
Member: ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren / Twitter: http://vortex.com/t-lauren
Tel: +1 (818) 225-2800 / Skype: vortex.com
_______________________________________________
nnsquad mailing list
http://lists.nnsquad.org/mailman/listinfo/nnsquad