[Eldecrok] A Hacker's Mental Notebook.
Posted: 25 May 2016, 20:50
[Every week or so, Eldecrok does some research in his spare time while working to find out how to hack more efficiently. After copying the info down on paper several times, he proceeds to burn the paper, and disperses them in a nearby park.]
Topic: Password Cracking and Password Protection.
Info relevant to me:
Length > Special characters
Characters are just another character. Though unlikely to be guessed using dictionary cracking (where they use words and phrases by swapping out characters), brute force cracking will pick up these shorter passwords.
Example (Just letters and numbers):
Possible passwords for a 62 character set with 4 characters:
2.1267647932558654e+37 (Or)
About 2 with 37 zeros.
Possible passwords for a 62 character set with 6 characters:
1.7594524073048134e+48 (Or)
About 2 with 47 zeros (Just to round down)
Website that helped out: http://www.csgnetwork.com/optionspossiblecalc.html
Set Max and Min characters to 4 and 6 respectively. Put 62 as number of characters in a set.
Explanation of Dictionary Cracking and Swapping out characters:
Dictionary cracking is when a piece of software uses predefined keywords to mix and match until it reaches the target password. Since many of us still use horrible passwords, the cracking usually doesn't need too many words to start getting a fair chunk of the population's passwords. Nowadays, things like @ for a, or ! for I are evidently common, so dictionary cracking uses these swaps too, just to make sure it works.
Because swapping out characters is already programmed into most dictionary cracking services, simply swapping out characters in common words won't help much.
Personal Info:
If you put personal info into a password, someone close to you might be able to guess it faster than a machine. Common Sense.
What actually helps:
Actually random passwords bypass dictionary cracking. They also make it difficult for those with limited attempts.
Large passwords, so long as they aren't phrases: "Largepasswordssolong" counts as a phrase. As previously shown, longer passwords have more possibilities... should they be random.
I recommend using a number generator instead of actual password generators, since those can be tracked. No one knows what numbers are used for anyway.
[Note: Brute Force takes longer, but will take any password given enough time. Brute force is when it goes through every character possible for every length possible. Hope that your password is both long and complex enough for surviving those.]
Conclusions for Eldecrok:
Use random phrase generators.
Use long passwords
Use dictionary cracking when dealing with likely low intelligence targets.
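
An added example, not part of the original post: a Python sketch of the "Length > Special characters" comparison for choosing passwords, counting brute-force candidates as charset_size ** length and drawing random passwords from the operating system's CSPRNG. The function names and the 94-symbol printable set (letters, digits and string.punctuation) are assumptions of this example.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits   # the 62-character set
PRINTABLE = ALNUM + string.punctuation         # 94 symbols (assumed "special" set)


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Candidates a brute-force search must cover for every length in range."""
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def entropy_bits(charset_size: int, length: int) -> float:
    """Entropy of a uniformly random password: length * log2(charset size)."""
    return length * math.log2(charset_size)


def length_to_match(small_set: int, big_set: int, big_len: int) -> int:
    """Shortest length over small_set whose keyspace >= big_set ** big_len."""
    n = 1
    while small_set ** n < big_set ** big_len:
        n += 1
    return n


def random_password(length: int, alphabet: str = ALNUM) -> str:
    """Pick each character with secrets (CSPRNG), never the random module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Min 4, max 6 characters over a 62-character set.
    print("62-set, lengths 4..6:", keyspace(len(ALNUM), 4, 6))
    # How many plain alphanumeric characters outweigh 8 printable ones?
    n = length_to_match(len(ALNUM), len(PRINTABLE), 8)
    print("alphanumeric length matching 8 printable chars:", n)
    for size, length in ((94, 8), (62, 9), (62, 16)):
        print(f"{size}^{length}: {entropy_bits(size, length):.1f} bits")
    print("sample 16-char password:", random_password(16))
```

One extra alphanumeric character (length 9) already outweighs adding every punctuation symbol at length 8, and the figures only hold when each character is chosen uniformly at random.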