How secure is your password? · Apr 06, 04:16 AM
Once upon a time you could feel pretty good about a 7–8 character password. Then people figured out that they could guess an encrypted password a lot faster by encrypting the guesses ahead of time: the encrypted “file” your password is stored in only has to be compared against a huge pre-computed collection of encrypted guesses called “rainbow tables”. How effective is this technique? Ophcrack, using rainbow tables, was able to crack the password Fgpyyih804423 in just over two and a half minutes. [Source]
Passphrases go a long way toward defeating these pre-computed attacks because tables for inputs that long are too large to pre-compute. However, there are computers today that can brute-force a 12-character password (191 trillion possible combinations) in a day and a half. [Source]
My password is 20 characters long; a 15-character password would take the fastest computer on earth 53,000 years to crack by brute force. All of these calculations have one downfall, though. Consider how file sharing evolved: users realized that when 500 people download a large file from one server it swamps the server, but if each of those people can share a chunk of the file with the others, you have distributed sharing of that file. This concept is called BitTorrent. How long will it be until a hacker develops a method to chunk the work of brute-forcing a password and distribute it to an army of computers? How large was the last botnet discovered…50,000 computers? What is stopping an enterprising coder from using those 50,000 computers as a grid to brute-force a password, any password?
I’m also wondering what our financial institutions are doing…I know that if I enter my PIN wrong three times I’ll get locked out, but 50,000 computers trying different PINs at exactly the same moment would be 150K tries, more than enough to crack a 5-digit PIN. The four-digit PIN that Scotiabank limits its customers to has only 10,000 combinations. A little scary if you ask me.
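The arithmetic behind the two arguments above (keyspace against guessing rate, and what a per-account lockout does to simultaneous PIN guesses), as an added Python example that is not part of the original post. The 95-symbol alphabet, the 1e9 guesses-per-second-per-machine rate and the account name are constructed assumptions.

```python
from collections import defaultdict

PRINTABLE = 95                      # assumed alphabet: printable ASCII
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(alphabet: int, length: int) -> int:
    """Distinct strings of exactly `length` symbols drawn from `alphabet`."""
    return alphabet ** length

def years_to_exhaust(alphabet: int, length: int,
                     guesses_per_second: float, machines: int = 1) -> float:
    """Worst-case years to try every candidate. Spreading the work over
    `machines` hosts divides the time but does not shrink the keyspace."""
    return keyspace(alphabet, length) / (guesses_per_second * machines) / SECONDS_PER_YEAR

def extra_length_to_offset(machines: int, alphabet: int = PRINTABLE) -> int:
    """Fewest extra characters whose added keyspace exceeds the speed-up
    from `machines` hosts: length beats parallelism exponentially."""
    extra = 0
    while alphabet ** extra < machines:
        extra += 1
    return extra

class AccountLockout:
    """Online-guessing defence: failures are counted per account, so after
    `max_failures` wrong PINs the account locks no matter how many sources
    submitted them or how simultaneously they arrived."""
    def __init__(self, max_failures: int = 3):
        self.max_failures = max_failures
        self.failures = defaultdict(int)

    def attempt(self, account: str, pin: str, correct_pin: str) -> str:
        if self.failures[account] >= self.max_failures:
            return "locked"             # refused before the PIN is checked
        if pin == correct_pin:
            self.failures[account] = 0
            return "ok"
        self.failures[account] += 1
        return "wrong"

def guesses_evaluated(sources: int, per_source: int, max_failures: int = 3) -> int:
    """Distinct PIN guesses actually checked when `sources` hosts each send
    `per_source` wrong guesses at one constructed account."""
    lock = AccountLockout(max_failures)
    evaluated = 0
    for i in range(sources * per_source):
        if lock.attempt("acct-0001", f"{i:05d}", "PIN-NOT-GUESSED") != "locked":
            evaluated += 1
    return evaluated
```

With these assumptions, 50,000 machines cut the time to exhaust a 12-character keyspace from roughly 17 million years to a few hundred, while just three extra characters add more keyspace than those 50,000 machines take away; the lockout model shows that an account-scoped counter evaluates only three of the 150,000 simultaneous guesses.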
Moral of the story: use a passphrase of no fewer than 15 characters.
— Sean Heuchert