Cracking Passwords With Statistics
New submitter pjauregui writes: When users are asked to create a "secure" password, most sites simply demand things like "must contain 1 uppercase letter and one punctuation character." But those requirements often lead to users picking exactly 1 uppercase letter, and using it to begin their password. What was intended to increase randomness is instead creating structure that statistical analysis can exploit. This article starts by asking the reader, "Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure." The author then describes his method for cracking passwords at scale, efficiently, stating that many attackers approach this concept headfirst: they try any arbitrary password attack they feel like trying with little reasoning. His post is a discussion that demonstrates effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time-boxed approach to efficient and successful cracking.
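Added example, not code from the linked article or from any commenter: a small Python audit that computes the structural-mask distribution of a password set, the statistic the summary describes, so a defender can measure what a composition rule actually produced. The password list is constructed, and the hashcat-style ?u/?l/?d/?s tokens and the 94-symbol printable alphabet are assumptions.

```python
from collections import Counter
import string

# hashcat-style mask tokens and the size of each character class (?s = 32 punctuation marks)
CLASS_SIZE = {"?u": 26, "?l": 26, "?d": 10, "?s": len(string.punctuation)}
FULL_ALPHABET = sum(CLASS_SIZE.values())  # 94 printable ASCII symbols, space excluded

def mask_of(password: str) -> str:
    """Reduce a password to its structure, e.g. 'Summer2019!' -> '?u?l?l?l?l?l?d?d?d?d?s'."""
    tokens = []
    for ch in password:
        if ch.isupper():
            tokens.append("?u")
        elif ch.islower():
            tokens.append("?l")
        elif ch.isdigit():
            tokens.append("?d")
        else:
            tokens.append("?s")
    return "".join(tokens)

def mask_keyspace(mask: str) -> int:
    """Candidates one mask spans: the product of its class sizes."""
    total = 1
    for i in range(0, len(mask), 2):
        total *= CLASS_SIZE[mask[i:i + 2]]
    return total

def mask_distribution(passwords):
    """(mask, count) pairs, most common structure first."""
    return Counter(mask_of(p) for p in passwords).most_common()

def top_mask_coverage(passwords, top_n):
    """Share of the set covered by the top_n masks, the candidates needed to span them,
    and how many times larger a brute-force search of the same lengths would be."""
    dist = mask_distribution(passwords)[:top_n]
    covered = sum(count for _, count in dist) / len(passwords)
    masked = sum(mask_keyspace(m) for m, _ in dist)
    brute = sum(FULL_ALPHABET ** (len(m) // 2) for m, _ in dist)
    return covered, masked, brute // masked

# Constructed sample: what a "one uppercase, one digit, one symbol" rule tends to produce.
SAMPLE = ["Summer2019!", "Welcome1!", "Password1!", "Monkey123!", "Dragon99!",
          "Qwerty2020!", "Football7!", "Iloveyou1!", "xK9#pL2$vQ", "correcthorsebattery"]

if __name__ == "__main__":
    for mask, count in mask_distribution(SAMPLE):
        print(f"{count:2d}  {mask}")
    share, masked, ratio = top_mask_coverage(SAMPLE, 2)
    print(f"top 2 masks: {share:.0%} of set, {masked:,} candidates, {ratio:,}x under brute force")
```

Run it over a sanitized export of your own users' passwords (or a policy's generated test set) and the ratio tells you how much of the keyspace the rule concentrated into a handful of shapes.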
"Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure."
yeah, right, my mom is gonna stop and think about how a cracker looks at structure...
Single point of failure. Excellent.
Yeah, I don't trust the randomness of password generators either, so I always convert it back to binary from base 62, XOR it with about 95 random two-coin tosses (match=0, differ=1), and then convert it back to base 62 so I can write it as a [A-z0-9]{16} password. I do all of that inside of a 2m x 2m tinfoil blanket folded over and taped together like a sleeping bag and then grounded to a metal pipe. I do all the work on paper by hand, memorize the password, and then I shred and eat the scratch paper. Afterwards I go spend the coins in different locations.
"personal words" like that weirdly named village you passed through once on vacation.
True. I spent last summer in Wales and the landscape is scattered with good passwords.
-- Make America hate again!
Just take all the vowels out. Oh, hang on a minute...
Confucius say, "Find worm in apple - bad. Find half a worm - worse."