
An Intruder Only Needs One Password!

Have you ever thought about how hard it is to choose a good password, or how important it is?

Most people believe that choosing a good password is easy. After all, how is somebody going to guess my wife's maiden name?

In reality, people usually choose poor passwords. In 2004 [Klein 2004] an attempt to crack a large password database revealed over three hundred passwords in the first fifteen minutes! One fifth of all passwords were obtained in the first week and approximately one quarter were cracked by the end of the search. More than half of the cracked passwords were six characters or less and some accounts didn't even have a password.

An intruder only needs one password!

Choosing a good password is a tradeoff between something that is difficult to guess versus something that is easy to remember. While @G7x.m^l is probably a good password, nobody will remember it and it is certain to appear as a sticky note attached to a terminal. Conversely, your first name is very easy to remember, but it is also trivial to guess.

Some simple rules of thumb

Some simple guidelines that will help you choose better passwords are:

•    A password should be a minimum of eight characters long.
•    Try to include some form of punctuation or digit.
•    Use mixed case passwords if possible.
•    Choose a phrase or a combination of words that makes the password easier to remember.
•    Do not use a word that can be found in any dictionary (including foreign language dictionaries).
•    Do not use a keyboard pattern such as qwertyui or oeuidhtn (look at a Dvorak keyboard).
•    Do not repeat any character more than once in a row like zzzzzzzz.
•    Do not use all punctuation, all digits or all alphabetic characters.
•    Do not use things that can be easily determined such as:
     •    Phone numbers.
     •    Car registration.
     •    Friends' or relatives' names.
     •    Your name or employment details.
     •    Any date.
•    Never use your account name as its password.
•    Use a different password for each account.
•    Change the password regularly and do not reuse passwords.
•    Do not append or prepend a digit or punctuation mark to a word.
•    Do not reverse words.
•    Do not replace letters with similar looking numbers. For instance, all of the letters i should not be blindly replaced by the digit 1.

Cracking passwords

The principle behind password cracking is quite simple: take a large word list, encrypt each word and check if the encrypted string matches the user's password. Word lists that are used frequently include English and other language dictionaries, common names, pet names, television and movie characters, character patterns on keyboards (for example, qwerty) and jargon or slang terms.
To allow for the case that the user has not chosen a word in the word list, an intruder can and usually will apply a large number of simple rules to each word in the word list and check if any of these encrypt to the user's password. Typical rules include appending and prepending digits and other punctuation characters to words, reversing words, capitalising words, converting words to all upper or all lower case, substituting letters or digits for other letters and naturally many combinations of these. Since computers are fast, applying these rules and encrypting the resulting guess doesn't take much time and a lot of guesses can be made in a very short time.

In addition, a CD based database is supposed to have been produced that contains every word in a large dictionary plus many rule based permutations of these words encrypted in every possible manner. This reduces password cracking to a simple (and fast) database lookup.
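The rules of thumb and the cracking rules above describe the same transformations from two sides, so a password check at account creation can undo them before consulting a word list. The following is an added example, not part of the original article: the word list is a constructed sample, the substitution table and the names `check_password` and `base_forms` are assumptions of this sketch, and it covers only a subset of the guidelines.

```python
import re

# Constructed sample list; a real check would load full dictionaries and name lists.
WORDLIST = {"password", "together", "dragon", "monkey", "football"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "aoeuidhtns", "1234567890")
# Look-alike substitutions (assumed table for this example; includes the i -> 1 case).
LEET = str.maketrans("0134$5@7!", "oieassati")


def _trim(s):
    """Drop digits and punctuation that were appended or prepended to a word."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", s)


def base_forms(pw):
    """Undo case changes, affixes, look-alike substitutions and reversal."""
    low = pw.lower()
    forms = {low, _trim(low), low.translate(LEET), _trim(low).translate(LEET)}
    return forms | {f[::-1] for f in forms}


def check_password(pw, account=""):
    """Return the list of guideline violations found (empty list: none found)."""
    problems = []
    low = pw.lower()
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    if pw.isalpha() or pw.isdigit() or not any(c.isalnum() for c in pw):
        problems.append("single character class")
    # Interpreted here as three or more identical characters in a row.
    if re.search(r"(.)\1\1", pw):
        problems.append("repeated character")
    # Any four consecutive keys from a keyboard row, in either direction.
    windows = {low[i:i + 4] for i in range(len(low) - 3)}
    if any(w in run or w in run[::-1] for w in windows for run in KEYBOARD_RUNS):
        problems.append("keyboard pattern")
    forms = base_forms(pw)
    if account and account.lower() in forms:
        problems.append("derived from account name")
    if forms & WORDLIST:
        problems.append("dictionary word after undoing simple rules")
    return problems
```

An empty result only means that none of these particular checks fired; it says nothing about guesses drawn from personal details such as dates or phone numbers.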

How long is a good password?

The simple answer to this is that in general the longer the password the better.
Assuming that you're using a reasonable selection of characters for your password, say letters and numbers, then the following table presents the number of passwords possible for the various choices of length. It also includes an estimate of how much time would be required to crack the password using a brute force attack.

The cracking time field is derived from a report that claimed the record for the speed of cracking passwords. The claim was that 6.4 million passwords per second could be tested. Given that computer speeds are increasing continuously, the following times are almost certainly overestimates of the actual time required.

Number of passwords for each length

Length  Number of Passwords     Number of Passwords (in words)      Cracking Time
1       62                      Not nearly enough                   Try this by hand
2       3844                    Three thousand                      Almost no time
3       238328                  One quarter of a million            Less than one second
4       14776336                Fourteen million                    Two seconds
5       916132832               Almost one billion                  Two and a half minutes
6       56800235584             Fifty six billion                   Two and a half hours
7       3521614606208           Three and a half trillion           One week
8       218340105584896         Two hundred trillion                One year
9       13537086546263552       Thirteen quadrillion                Seventy years
10      839299365868340224      Eight hundred and forty quadrillion Forty centuries
11      52036560683837093888    Lots                                A quarter of a million years
12      3226266762397899821056  Even more                           Sixteen million years

What characters should a good password contain?

The previous section assumed that passwords consisted of upper and lower case letters and digits. What happens if this character set is increased or decreased? The following table presents some of the options for eight character passwords:

Number of eight character passwords

Type of Password                          Number of Characters  Number of Passwords  Cracking Time
7-bit ASCII                               128                   72057594037927936    Three hundred and fifty years
Printable characters                      95                    6634204312890625     Thirty three years
Letters and numbers                       62                    218340105584896      One year
Letters only                              52                    53459728531456       Ninety six days
Lowercase with one uppercase              26/special            1670616516608        Three days
Lowercase only                            26                    208827064576         Nine hours
English words: eight letters or longer    special               250000               Less than one second

So clearly, the richer the character set being used, the harder it will be to crack passwords. You should attempt to include as a minimum both upper and lower case characters and if possible, you should also include some digits, punctuation symbols and/or control codes in your password.

Examples of how to construct good passwords


So now that typical bad passwords have been discussed, how is a good password constructed? Try combining two or more words together or taking the first (or second or last) letter of each word in an easily remembered phrase. Then mangle the result by adding capitals, digits and punctuation characters. As an extra measure, control characters can also be introduced.

Some examples of using multiple words with punctuation

Here is a pair of good examples of using multiple words:

•    gOt%L0st! - got lost!
•    heLP4me$ - help for me (money)

And here is a bad one:
•    T0gether - to get her

Some examples of using a phrase

Here are three good examples of using phrases:
•    rsKf0myH - Raindrops keep falling on my head.
•    wru2rxy? - Who are you to ask why.
•    bWiIso3! - Beware the ides of March!

And here is a bad one:
•    Aaaaaaaa - Always assert an ambiguous axiom and argue aggressively.

Hope you have found it useful!
So take care when you select passwords next time! :-)


Jennet

When Jennet isn't writing, she's playing video games and participating in environmental NGO activities. She is crazy about new technologies and soccer!



Article Source: http://www.articlesbase.com/security-articles/an-intruder-only-needs-one-password-689092.html
1. harry (10:40, 18.12.2008)
useful... hacking part is interesting too.

Use of this web site constitutes acceptance of the Terms Of Use and Privacy Policy | User published content is licensed under a Creative Commons License.
Copyright © 2005-2008 Free Articles by ArticlesBase.com, All rights reserved.