So, whoever buys this program can start craking people's passwords?
Jerry >>
You can have the right hardware and software but you also need access to system files to crack the passwords. It isn't like you are going to get thousands of shots at a network password gate even if the network bottleneck wasn't an enormous speedbump rendering graphic accelerators useless. I think the target might be unlocking encrypted stolen drives and things like that.
I used to crack UNIX passwords on a regular basis (white hat stuff though). Used to be a decent program called Crack (among several other similar ones). I wrote my own to give me more flexibility in rulesets and admissible regular expressions as well as to include parsing of web browsing history and bookmarks text. It is amazing how insecure peoples' passwords are very often. I nailed >80% of the passwords on one system in a half hour or so, though I forget as it was a long time ago. People complained about that. But that was expected. I think more folks try harder, or at least I hope so, these days.
Please use a password to logon to your computer. Go to you control panel and enable set a password to prompt you for a password. Use a passphrase like 4scoreand30DayZ=12. Protect the hell out of you online passwords; use a strong password or passphrase like i mentionted. If you logon to a domain at work use a strong passphrase! This comes up time and time again for network admins.
The chart is needlessly scary. It assumes the cracker KNOWS you have used only lower case letters, or only letters and numbers, etc. Most passwords are compromised by writing it on a sticky note on your computer, or giving it to a fake phishing site.
Frank Provasek - PCGS Authorized Dealer, Life Member ANA, Member TNA. www.frankcoins.com
Once you get a strong password social engineer and other tricks are much more effective than crack programs. Another factor is the more complex the password, the more often the users needs an administrator assist to reset it.
My work policy is minimum 9 characters but must include mix of upper case, lower case, numbers and special characters.
<< <i>Mine also includes "special characters" !@#$%^&*()_+?><":{}';}{[] where allowed. >>
Why are you cussing at us?
Worry is the interest you pay on a debt you may not owe.
"Paper money eventually returns to its intrinsic value---zero."----Voltaire
"Everything you say should be true, but not everything true should be said."----Voltaire
Comments
Russ, NCNE
already
it'll take me a millenia to recall it.
And they won't be getting much I spend it all on coins.
NSDR - Life Member
SSDC - Life Member
ANA - Pay As I Go Member
<< <i>New Scientist article on password cracking with GPUs instead of CPUs. >>
So, whoever buys this program can start craking people's passwords?
Jerry
<< <i>
<< <i>New Scientist article on password cracking with GPUs instead of CPUs. >>
So, whoever buys this program can start craking people's passwords?
Jerry >>
You can have the right hardware and software but you also need access to system files to crack the passwords. It isn't like you are going to get thousands of shots at a network password gate even if the network bottleneck wasn't an enormous speedbump rendering graphic accelerators useless. I think the target might be unlocking encrypted stolen drives and things like that.
I used to crack UNIX passwords on a regular basis (white hat stuff though). Used to be a decent program called Crack (among several other similar ones). I wrote my own to give me more flexibility in rulesets and admissible regular expressions as well as to include parsing of web browsing history and bookmarks text. It is amazing how insecure peoples' passwords are very often. I nailed >80% of the passwords on one system in a half hour or so, though I forget as it was a long time ago. People complained about that. But that was expected. I think more folks try harder, or at least I hope so, these days.
NSDR - Life Member
SSDC - Life Member
ANA - Pay As I Go Member
This comes up time and time again for network admins.
<< <i>These guys can crack any password.
Looks like the stock market in full swing.
Hoard the keys.
My work policy is minimum 9 characters but must include mix of upper case, lower case, numbers and special characters.
Go BIG or GO HOME. ©Bill
Herb
<< <i>Mine also includes "special characters" !@#$%^&*()_+?><":{}';}{[] where allowed.
Why are you cussing at us?
Worry is the interest you pay on a debt you may not owe.
"Paper money eventually returns to its intrinsic value---zero."----Voltaire
"Everything you say should be true, but not everything true should be said."----Voltaire
Buying top quality Seated Dimes in Gem BU and Proof.
Buying great coins - monster eye appeal only.