Tag: passwords
Palin e-mail hacker found guilty
by Daniel on May.03, 2010, under Security
— From the article
The college student accused of hacking into Sarah Palin’s e-mail account in 2008 has been found guilty of obstruction of justice and unauthorized access of a computer. The verdict against 22-year-old David Kernell came down late Friday, with sentencing to follow later.
— via Palin e-mail hacker found guilty.
I have mixed feelings about this outcome. While the individual undoubtedly did the wrong thing by breaking into someone's email account, he also highlighted the risks we all face (particularly public figures) as a result of the (secret) question/answer system for resetting forgotten passwords.
I don’t think these issues could have been highlighted in any clearer way to raise the public's awareness of this. No matter how many times the security industry warns against the weaknesses of the present system, it takes real incidents (like the above) before the issues are generally accepted.
-Daniel
Relative Password Strength
by Daniel on Dec.01, 2008, under Security
We are always told to choose strong passwords: over eight characters, with lower and upper case letters, numbers and symbols. But what difference does it really make?
Let's have a look at 4 different classes of passwords, each 8 characters:
A) Lower case letters only
B) Mixed case letters
C) Mixed case letters and digits
D) Mixed case letters, digits and 32 symbols
The table below shows the number of possible combinations and the time to crack, based on Elcomsoft's rates for MD5 password recovery on a dual core processor (4.7 million passwords/second).
| Class | Combinations | Time to Crack |
| A | 208,827,064,576 | 44 seconds |
| B | 53,459,728,531,456 | 3 hours |
| C | 218,340,105,584,896 | 12 hours |
| D | 6,095,689,385,410,820 | 15 days |
So you can see a password that just has lower case letters can be cracked in less than a minute, while a password that covers the full spectrum of character types will take 15 days; that’s a lot of extra effort to get into your account.
So what if you want to have a strong password, but you don’t want to have to remember a string with upper case letters, numbers and symbols? Can you have a password, containing just lower case letters, that provides as much protection as a password that contains at least 1 character from each group? Absolutely, you just have to trade complexity for length. Have a look at this table to see how long passwords need to be to be at least as strong as an 8 character class D password.
| Class | Number of Characters |
| A | 12 |
| B | 10 |
| C | 9 |
| D | 8 |
So if you want a password of lowercase letters that provides the same level of protection as a more complicated password, you’ll need 12 characters.
Of course, a password that is based on dictionary words is still not going to keep the bad guys at bay for long; it still needs to be a fairly random string of letters. There are plenty of ways to come up with good passwords, but that's another article.
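The arithmetic behind both tables, as an added example that is not part of the original post: it computes the keyspace for classes A to D, the shortest length at which each class matches an 8 character class D password, and the worst-case time to try every candidate. The function names are made up for this sketch, the guess rate is a parameter (the first table's times correspond to 4.7e9 guesses per second), and the model only holds for randomly chosen characters.

```python
import string

# Classes A-D from the post; D adds the 32 ASCII punctuation symbols.
CLASSES = {
    "A": string.ascii_lowercase,
    "B": string.ascii_letters,
    "C": string.ascii_letters + string.digits,
    "D": string.ascii_letters + string.digits + string.punctuation,
}

def keyspace(cls, length):
    """Number of possible passwords of exactly `length` characters."""
    return len(CLASSES[cls]) ** length

def min_length_to_match(cls, target_cls="D", target_len=8):
    """Shortest length in `cls` whose keyspace reaches the target's."""
    target = keyspace(target_cls, target_len)
    length = 1
    while keyspace(cls, length) < target:
        length += 1
    return length

def smallest_class(password):
    """Smallest class whose alphabet covers every character used."""
    for name, alphabet in CLASSES.items():
        if all(ch in alphabet for ch in password):
            return name
    raise ValueError("password uses characters outside classes A-D")

def exhaust_seconds(cls, length, guesses_per_second):
    """Worst case: time to try every candidate of this class and length."""
    return keyspace(cls, length) / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, size in (("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.0f} seconds"

if __name__ == "__main__":
    rate = 4.7e9  # assumed guesses/second; reproduces the first table's times
    for cls in CLASSES:
        n = min_length_to_match(cls)
        print(cls, f"{keyspace(cls, 8):,}",
              humanize(exhaust_seconds(cls, 8, rate)), "| equal strength at", n)
    # Constructed sample passwords, not real credentials.
    for pw in ("correcthorse", "Passw0rd", "P@ssw0rd"):
        cls = smallest_class(pw)
        print(pw, cls, f"{keyspace(cls, len(pw)):,}")
```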
-Daniel
