Slashdot Mirror


Cracking Passwords With Statistics

New submitter pjauregui writes: When users are asked to create a "secure" password, most sites simply demand things like "must contain 1 uppercase letter and one punctuation character." But those requirements often lead to users picking exactly 1 uppercase letter, and using it to begin their password. What was intended to increase randomness is instead creating structure that statistical analysis can exploit. This article starts by asking the reader, "Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure." The author then describes his method for cracking passwords at scale, efficiently, stating that many attackers approach this concept headfirst: They try any arbitrary password attack they feel like trying with little reasoning. His post is a discussion that demonstrates effective methodologies for password cracking and how statistical analysis of passwords can be used in conjunction with tools to create a time boxed approach to efficient and successful cracking.
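An added example (not code from the linked article or the submitter) showing how a password administrator can measure the structure that a "1 uppercase, 1 punctuation" rule produces. The sample list is constructed, the function names are hypothetical, and the class sizes assume printable ASCII.

```python
import math
import string
from collections import Counter

# Constructed sample: every entry satisfies "1 uppercase + 1 punctuation".
SAMPLE = [
    "Summer2014!", "Winter2013!", "Password1!", "Dragon12#", "Monkey99!",
    "Welcome1!", "Charlie7$", "Shadow22!", "Football1!", "x9#Qv!tR2m",
]

# Alphabet size per class (assumption: printable ASCII, S = 32 punctuation chars).
CLASS_SIZE = {"U": 26, "L": 26, "D": 10, "S": 32}

def char_class(c):
    if c in string.ascii_uppercase:
        return "U"
    if c in string.ascii_lowercase:
        return "L"
    if c in string.digits:
        return "D"
    return "S"

def structure(pw):
    """Per-character class string, e.g. 'Password1!' -> 'ULLLLLLLDS'."""
    return "".join(char_class(c) for c in pw)

def shape(pw):
    """Structure with runs collapsed, e.g. 'ULLLLLLLDS' -> 'ULDS'."""
    s = structure(pw)
    return "".join(k for i, k in enumerate(s) if i == 0 or s[i - 1] != k)

def structure_bits(pw):
    """log2 of the number of strings sharing this exact structure."""
    return sum(math.log2(CLASS_SIZE[k]) for k in structure(pw))

def policy_report(passwords):
    """Fractions of the list that follow the predictable patterns."""
    n = len(passwords)
    top_shape, top_count = Counter(shape(p) for p in passwords).most_common(1)[0]
    return {
        "upper_first": sum(structure(p)[0] == "U" for p in passwords) / n,
        "single_upper": sum(structure(p).count("U") == 1 for p in passwords) / n,
        "top_shape": top_shape,
        "top_share": top_count / n,
    }

if __name__ == "__main__":
    print(policy_report(SAMPLE))
    print(round(structure_bits("Password1!"), 1), "bits vs",
          round(10 * math.log2(94), 1), "for 10 uniformly random characters")
```

In the constructed sample, nine of ten policy-compliant passwords share one shape, and a password with that structure carries roughly 20 bits less than a random string of the same length.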

2 of 136 comments

  1. geeks never learn by Anonymous Coward · Score: 3, Funny

    quote
      "Think like a hacker and ask yourself how fast your passwords might be able to be cracked based on their structure."
    unquote

    yeah, right, my mom is gonna stop and think about how a cracker looks at structure....

  2. Re:For work I use really bad passwords by Buchenskjoll · Score: 4, Funny

    "personal words" like that weirdly named village you passed through once on vacation.

    True. I spent last summer in Wales and the landscape is scattered with good passwords.

    --
    -- Make America hate again!