How do hackers work?
There are two main techniques for password hacking commonly used by hackers today.
Password Recovery Technique:
In this technique the hacker tries to fool your computer into believing that he is a genuine administrator. Several programs are available for password auditing and recovery, such as L0phtCrack, John the Ripper, and Cain; some of them exploit password design vulnerabilities (as in the Microsoft LANManager system) to increase efficiency. Some are useful to system administrators, since any password that can be found using one of these programs is most definitely a weak password and should be rejected as an acceptable password choice.
Brute Force Technique:
The technique wherein the hacker makes repeated tries at your password (sometimes up to thousands of tries per minute) is called “Brute Force”. Brute force hackers use a dictionary called a “Brute Force dictionary”. These are software tools that are capable of recombining English dictionary words in a variety of ways. Generally these dictionaries begin with simple letters “a”, “aa”, “aaa” and then eventually move to full words like “dog”, “doggie” and “doggy” (Gil, 2007). Well-designed brute force dictionaries can take up to 50 tries a minute. Hence, in a time span of several hours or even days, the dictionary can crack any password.
Hence a good password is one that takes the hacker days to crack.
Encryption and Master Passwords:
It is recommended to have a different password for each user account. Since it is difficult to remember numerous passwords and user accounts, one solution is to remember a single base password and a list of keywords, one for each user account, and to encrypt the base text with the keyword by putting it through a suitable “Cipher” (encoder).
Try the Credibles’ very own password generator, which teaches you the basics of encryption.
INSERT JAVA APPLET HERE
NOTE: Enter a simple base text and keyword and take a look at the password generated.
Since the Vigenere Cipher is used, only alphabetic strings can be handled. It is not recommended to use any password produced by the password generator as a real password: the generated password merely illustrates the encryption process and isn’t secure.
Brief description of Encryption using Vigenere Cipher:
Encryption is the conversion of data into a form, called ciphertext, that cannot be easily understood by unauthorized people.
The Vigenere Cipher was developed by Blaise de Vigenere around 1586, for French diplomatic and military communications. The Vigenere Cipher uses a keyword and a 26-by-26 matrix of letters to substitute plaintext letters with ciphertext letters and vice versa. The message sender and receiver must both use the same matrix and keyword.
The matrix used for our encryption is –
[PUT IN MATRIX HERE]
The matrix contains the ciphertext letters. The lowercase letters are row and column indices.
To encrypt a plaintext letter:
- The plaintext letter is matched with a keyword letter as shown below.
- The keyword letter determines the ROW of the matrix. Find the row that begins with the keyword letter.
- The plaintext letter determines the COLUMN of the matrix.
- The ciphertext letter is found at the intersection of ROW and COLUMN.
Example:
Base password: JohnSmith
Keyword: Hotmail
Password generated: QCAZSUTAV
To decrypt a message the process is reversed.
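The row-and-column lookup described above, written out as a short Python sketch. This is an added example, not the page's password generator applet; the function names (`tableau_row`, `encrypt`, `decrypt`) are chosen here for illustration. It reproduces the JohnSmith/Hotmail example and rejects non-alphabetic input.

```python
import string

ALPHABET = string.ascii_uppercase

def tableau_row(key_letter):
    """Return the row of the 26-by-26 matrix that begins with key_letter."""
    shift = ALPHABET.index(key_letter.upper())
    return ALPHABET[shift:] + ALPHABET[:shift]

def _check(text, name):
    # The cipher only handles A-Z; str.isalpha() alone would accept accented letters.
    if not text or not all(c in string.ascii_letters for c in text):
        raise ValueError(f"{name} must contain only the letters A-Z")
    return text.upper()

def encrypt(base_text, keyword):
    base, key = _check(base_text, "base text"), _check(keyword, "keyword")
    out = []
    for i, p in enumerate(base):
        # The keyword repeats along the base text; its letter selects the ROW.
        row = tableau_row(key[i % len(key)])
        # The plaintext letter selects the COLUMN; the cell is the ciphertext letter.
        out.append(row[ALPHABET.index(p)])
    return "".join(out)

def decrypt(ciphertext, keyword):
    cipher, key = _check(ciphertext, "ciphertext"), _check(keyword, "keyword")
    out = []
    for i, c in enumerate(cipher):
        row = tableau_row(key[i % len(key)])
        # Reverse lookup: find the ciphertext letter in the row, read off the column.
        out.append(ALPHABET[row.index(c)])
    return "".join(out)

if __name__ == "__main__":
    generated = encrypt("JohnSmith", "Hotmail")
    print(generated)                      # QCAZSUTAV
    print(decrypt(generated, "Hotmail"))  # JOHNSMITH
```

Decryption needs nothing but the keyword, so a generated password that leaks alongside a guessable keyword gives back the base text, which is one reason the output is not suitable as a real password.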
[PUT IN THE PASSWORD DOS AND DON'TS TABLE]

