How effective are password hack tools?
Richard Brain, our resident application and platform security expert, explains why strengthening a password is so important.
How effective are current password hack tools, and what can be done to enable secure user authentication and defend against them?
Password hack tools have continually improved in the past few years. In late 2008, for example, a Russian firm used parallel Nvidia Graphics cards to dramatically reduce the time needed to crack WPA Wi-Fi passwords.
The cracking process also becomes even faster if extensive rainbow tables are used. These tables contain pre-calculated password hash lookups, which can break the encryption used to protect the passwords, and therefore provide a shortcut for those trying to hack them. Thanks to these recent improvements, it is now trivial to crack a password based on a dictionary word or a dictionary word combined with a number.
The best defence against password hack tools is to create a strong password consisting of multiple words, numbers and characters of mixed case. It is also common to find the Leet alphabet (Internet slang, similar to the spellings and abbreviations used in telephone text messages) or password generators, being used to create strong passwords.
The cracking process also becomes even faster if extensive rainbow tables are used. These tables contain pre-calculated password hash lookups, which can break the encryption used to protect the passwords, and therefore provide a shortcut for those trying to hack them. Thanks to these recent improvements, it is now trivial to crack a password based on a dictionary word or a dictionary word combined with a number.
The best defence against password hack tools is to create a strong password consisting of multiple words, numbers and characters of mixed case. It is also common to find the Leet alphabet (Internet slang, similar to the spellings and abbreviations used in telephone text messages) or password generators, being used to create strong passwords.
This was last published in June 2009
Start the conversation
0 comments