Friday, January 12, 2007

How do password crackers work?

From Bruce Schneier, one of the world's most respected authorities on computer security.

http://www.wired.com/news/columns/0,72458-0.html?tw=wn_index_19

“So the first attack PRTK performs is to test a dictionary of about 1,000 common passwords, things like "letmein," "password1," "123456" and so on. Then it tests them each with about 100 common suffix appendages: "1," "4u," "69," "abc," "!" and so on. Believe it or not, it recovers about 24 percent of all passwords with these 100,000 combinations.”

Fortunately, Bruce ALSO gives some good advice on how to create an un-guessable password.

“So if you want your password to be hard to guess, you should choose something not on any of the root or appendage lists. You should mix upper and lowercase in the middle of your root. You should add numbers and symbols in the middle of your root, not as common substitutions. Or drop your appendage in the middle of your root. Or use two roots with an appendage in the middle.”
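A defender-side policy check built from both quoted passages, added here as an example (it is not code from the column or from PRTK): it rejects passwords that are a common root plus a common suffix appendage, even after case changes and the usual letter-for-digit substitutions, and otherwise requires the mixed case and digits or symbols inside the root that Schneier recommends. The root and appendage lists are constructed and tiny; a real check would load full lists.

```python
# Added example, not from the column or PRTK. Word lists below are constructed.

# Common letter-for-digit/symbol substitutions that cracking rules undo.
_SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                                "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def normalize(text):
    """Undo what a cracker's rules undo: letter case and common substitutions."""
    return text.lower().translate(_SUBSTITUTIONS)

# Normalized form -> original spelling. The entries the page names plus a few
# obvious ones; the real list is about 1,000 entries.
COMMON_ROOTS = {normalize(r): r for r in
                ["letmein", "password1", "123456", "password", "welcome", "qwerty"]}
# Suffix appendages the page lists plus a few obvious ones; the real list is ~100.
COMMON_APPENDAGES = ["1", "4u", "69", "abc", "!", "123", "2007"]

def matches_root_appendage(password):
    """Return (root, appendage) if password is a common root, optionally with a
    common suffix appendage, ignoring case and substitutions; else None."""
    norm = normalize(password)
    if norm in COMMON_ROOTS:
        return (COMMON_ROOTS[norm], "")
    for app in COMMON_APPENDAGES:
        a = normalize(app)
        stem = norm[:-len(a)]
        if norm.endswith(a) and stem in COMMON_ROOTS:
            return (COMMON_ROOTS[stem], app)
    return None

def password_weakness(password):
    """Return why the password is guessable under the quoted attack and advice,
    or None if it passes both checks."""
    hit = matches_root_appendage(password)
    if hit:
        return "common root %r with appendage %r" % hit
    # Schneier's advice: the variation belongs inside the root, not at its
    # ends, so only the interior characters count here.
    interior = password[1:-1]
    has_upper = any(c.isupper() for c in interior)
    has_lower = any(c.islower() for c in interior)
    has_other = any(not c.isalpha() for c in interior)
    if not (has_upper and has_lower and has_other):
        return "no mixed case plus digit/symbol inside the password"
    return None
```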
