Archive for June, 2007

Introduction:

With the internet revolution and the millions of services on the Internet, you must be at least having ten accounts. Some other people may have hunderds of passwords. People usuall y chooses simple personal passwords like their children names, birthdates, telephone numbers or pet names. These passwords are really easy to guess especially from close friends. I’ve done it a lot of times and it’s really more popular than I even thought. I will ask in this article simple questions and answer them:

What’s a strong password?

A strong password is a combination of capital letters, small letters, numbers and special characters. Also, it must be more than 9 characters. This way will make difficult to password crackers like L0phtcrack, Cain and John the ripper.

Why do we need a strong password?

Usually we hide some private information in our accounts like financial information, bills , contact,..,etc. These information has be secure to protect them abusing.

Examples of stronger passwords include:

• t3wahSetyeT4 — not a dictionary word, has both alpha and numeric characters
• 4pRte!ai@3 — not a dictionary word, has both cases of alpha, plus numeric, and punctuation characters
• MoOoOfIn245679 — long, with both alpha cases and numeric characters
• Convert_100£ to Euros! — phrases can be long, memorable and contain an extended symbol to increase

Examples of weak passwords include:

• admin — too easily guessed
• 1234 — too easily guessed
• susan — common personal name
• password — trivially guessed, used very often
• p@$$\/\/0rd — simple letter substitutions are pre-programmed into cracking tools
• rover — common name for a pet, also a dictionary word
• 12/3/75 — date, possibly of personal importance
• December12 — Using the date of a forced password change is very common
• nbusr123 — probably a user name, and if so, very easily guessed
• asdf — a sequence of adjacent letters on many keyboards
• aaaa — repeated letters, can be guessed

How to choose simple passwords that are really hard to guess or to crack?

A very simple way to choose create passwords is by using cypher easy sentences or phrases. Let’s say that I want to create a password for my hotmail. Simply, I will choose this sentence “Ghiath’s hotmail” and my password is going to be “Gh14th’5h07m41l”. You can also choose small words that’s related to your life fot i.e. if you are driving a Mercedes E320 your password could be M3rc3d3s3320.

What are the types of password cracking?

There are many types of attacks for passwords:

Dictionary Attack: is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by searching a large number of possibilities. In contrast with a brute force attack, where all possibilities are searched through exhaustively, a dictionary attack only tries possibilities which are most likely to succeed, typically derived from a list of words in a dictionary. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or less), single words in a dictionary, or are simple variations that are easy to predict, such as appending a single digit to a word.

Hybrid Attack: A Hybrid Attack builds on the dictionary attack method by adding numerals and symbols to dictionary words.
Brute Force Attack: s a method of defeating a cryptographic scheme by trying a large number of possibilities; for example, exhaustively working through all possible keys in order to decrypt a message. In most schemes, the theoretical possibility of a brute force attack is recognized, but it is set up in such a way that it would be computationally infeasible to carry out. Accordingly, one definition of “breaking” a cryptographic scheme is to find a method faster than a brute force attack.

References:

http://www.wikipedia.org

http://www.javvin.com/networksecurity/HybridAttack.html

If you enjoyed this post, make sure you subscribe to my RSS feed!