10/04/2005 Archived Entry: "easy to crack passwords"

A few weeks ago my alumni newsletter ran an article on computer security and passwords. Using the LC4 Windows password-recovery program (which tries dictionary words and dictionary words with added numbers) they cracked the following passwords:

sublimate ...in 2 seconds
checkmate1 ...in 3 seconds
CheCkmate ...in less than 1 second
ChEcK12 ...in 26 seconds
CheCk123 ...in 14 minutes 22 seconds
3x0n3rat3 ...in 4 hours 16 minutes 45 seconds
5ygn6thb ...could not be cracked

(Not being familiar with LC4, I presume it uses either (a) knowledge of the encryption routine and a copy of the encrypted password, or (b) access to a system routine that instantly checks passwords.)

The lesson here is that dictionary words are incredibly weak passwords, and fiddling upper/lower case or mixing in a few digits doesn't help a great deal. For a strong password, frankly, you need gibberish. How you obtain this is your challenge -- I have some mnemonic tricks that let me remember alphanumeric sequences, but I'm not about to share them, since that would make it easier for people to attack my passwords.
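A defender-side illustration of the lesson above, added here and not part of the original entry: a Python check that flags a password as weak when undoing case changes, added digits and digit-for-letter swaps reduces it to a dictionary word. The word list and substitution table are constructed assumptions (a real check would load a full dictionary); the seven passwords are the ones from the newsletter results.

```python
import re

# Constructed sample word list (assumption); a real check loads a full dictionary.
WORDLIST = {"sublimate", "checkmate", "check", "exonerate"}

# Common digit/symbol-for-letter swaps (assumed table), undone before lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

# The passwords listed in the newsletter results above.
PAGE_PASSWORDS = ["sublimate", "checkmate1", "CheCkmate", "ChEcK12",
                  "CheCk123", "3x0n3rat3", "5ygn6thb"]


def base_candidates(password):
    """Yield lowercase strings the password may have been built from."""
    lowered = password.lower()                     # undo case fiddling
    stripped = re.sub(r"^\d+|\d+$", "", lowered)   # drop leading/trailing digits
    for form in {lowered, stripped}:
        yield form
        yield form.translate(LEET)                 # undo digit-for-letter swaps


def is_dictionary_derived(password, wordlist=WORDLIST):
    """True if any simple reversal of the password lands on a dictionary word."""
    return any(candidate in wordlist for candidate in base_candidates(password))


def audit(passwords, wordlist=WORDLIST):
    """Map each password to True (dictionary-derived, reject) or False."""
    return {pw: is_dictionary_derived(pw, wordlist) for pw in passwords}


if __name__ == "__main__":
    for pw, weak in audit(PAGE_PASSWORDS).items():
        print(f"{pw:12} {'REJECT: dictionary-derived' if weak else 'no dictionary base found'}")
```

A `False` result only means no dictionary base was found by these three reversals; it is not a measure of strength on its own.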


