Introduction of Password Cracking
Types of Passwords
There are three main types of passwords.
Strings of Characters plus a token
The next level in passwords is to require a string of characters, numbers and symbols plus a token of some type. An example of this is the ATM, which requires a card - the token - plus a personal identification number or PIN. This is considered more secure, because if you lack either item, you are denied access.
Biometric Passwords
The third level in passwords is the biometric password. This is the use of non-reproducible biological features, such as fingerprints or facial features to allow access. An example of this is the retinal scan, in which the retina – which is the interior surface of the back of the eye – is photographed. The retina contains a unique pattern of blood vessels that are easily seen and this pattern is compared to a reference. Biometric passwords are the most sophisticated and are considered 'safer' but in reality a password that you 'carry' in your finger or eye is no safer than a strong password that you carry in your head, provided that the software that uses the password is correctly configured.
History of Passwords
Trivia in Password History: In older versions of MS Excel and Word, passwords were stored as plain text in the document header information. View the header and you could read the password. This is valid for all versions older than Office 2000.
Windows once stored passwords as plain text in a hidden file. Forget your password? You could just delete the hidden file, and the password was erased.
Early on, Microsoft and Adobe both used passwords to mean that a file was password protected when opened with their applications. If you opened it with another application, such as Notepad, the password wasn't necessary.
Microsoft Access 2.0 databases could be opened as a text file easily by just renaming them with a “.txt” extension. Doing this allowed you to see the database data.
Adobe PDF files in versions 4.0 and older were printable and often viewable using Linux PDF readers or Ghostview for Windows.
Wireless networks have a problem with encryption as the key for the encryption can be guessed once you collect enough encrypted data out of the air to find the patterns and guess the keys. With todays computing power in the normal home, the key can be cracked almost immediately to find the password.
Bluetooth security is considered very secure, once it is setup. The problem is that bluetooth transmits a unique, freshly generated, password between the devices to establish the connection and the password is sent as plain text. If that password is intercepted, all future transmissions for that session can be easily decoded.
Exercise: Download a PDF file off the Internet and try opening it with other programs. How is the data viewable?
Build a Strong Password The best passwords:
✔ cannot be found in a dictionary
✔ contain numbers, letters and those odd swear symbols on top of the numbers
✔ contain upper and lower case letters
✔ the longer the “stronger”
With a 2 letter password, and 26 letters in the alphabet, plus 10 numbers (ignoring symbols), there are 236 possible combinations (687,000,000 possibilities). Increase the password length to 8 characters, and there are 836 combinations (324,000,000,000,000,000,000,000,000,000,000 possibilities).
There are many password generators available on the internet, but these will generate a nearly impossible to remember password.
Try instead to use a seemingly random string of letters or numbers that you can easily recall. For example:
gandt3b! (goldilocks and the 3 bears!)
JJPL2c1d (john, jill, paul, lucy, 2 cats, 1 d – the members of your household)
Exercises:
1. Create a strong password, that you could remember that scores well at the following web page: http://www.securitystats.com/tools/password.php
2. Look at the Web pages for three different banks and find out what type of password is needed to allow an account holder to access restricted information. Do the banks also offer recommendations that would lead users to create strong passwords?
0 Comments