If someone stole the database, they wouldn't be any closer to cracking any password. You are correct that the danger is higher with a stolen database, however with good security, this too is meaningless.

At my current job (a digital security company) we combine the user's password with a long server-side variable before using an expensive hash with a salt on the combination.

Your chart fails because it ignores relevant variables in the software and the users. Easy to remember, easy for variety and a nightmare to brute. The more complex a password is the more likely a person is to re-use it, so one successful phish normally gets you in everywhere (people tend to phish due to the fact you can't tell how complex a password is until after you have it). As a result, in the real world the most secure password is 18 characters, all lower case. More complex ones have a theoretical strength increase, but the brute force attack doesn't know what's behind the encryption yet, so they are in fact exactly as secure as each other. So here are some rules about password strength.

Now for the record the password was 12 characters, and again even if it was just letters the brute force needs to explore its variants. The password could be "password" and the brute force app would need to go through every 8 character attempt on the route there. I have to let the brute force try everything: lower, upper, numbers, characters, everything. So when I brute force a password protected file (which I had to do at Christmas cos my covid results were sent encrypted with no password). I would generally need the password to know. As long as I know that's what the password is built up with. If someone has an uppercase and lowercase password under 10 digits, on a supercomputer I can crack that, sure, in a few days.
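The scheme described above (password combined with a server-side secret, then an expensive salted hash) can be sketched as follows. This is an added example, not code from the original post or from the commenter's employer; using HMAC-SHA256 for the "combine" step, scrypt for the expensive hash, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import os

# Constructed sample value. Assumption: the real secret is long, random and
# stored outside the database (environment, KMS or HSM), never beside the hashes.
SERVER_SECRET = b"constructed-sample-server-secret-0123456789abcdef"


def _derive(password: str, salt: bytes, server_secret: bytes) -> bytes:
    # Step 1: bind the password to the server-side secret with a keyed HMAC.
    keyed = hmac.new(server_secret, password.encode("utf-8"), hashlib.sha256).digest()
    # Step 2: run the expensive, salted hash over the combination.
    return hashlib.scrypt(keyed, salt=salt, n=2**14, r=8, p=1, dklen=32)


def hash_password(password: str, server_secret: bytes = SERVER_SECRET):
    """Return (salt, digest): the only values written to the database row."""
    salt = os.urandom(16)  # fresh per-user salt
    return salt, _derive(password, salt, server_secret)


def verify_password(password: str, salt: bytes, stored: bytes,
                    server_secret: bytes = SERVER_SECRET) -> bool:
    """Server-side check; constant-time comparison of the derived digest."""
    return hmac.compare_digest(_derive(password, salt, server_secret), stored)


def check_without_server_secret(guess: str, salt: bytes, stored: bytes) -> bool:
    """Model a holder of only the database row (salt + digest, no secret).

    Even the correct password fails to verify, because the HMAC key that
    lives outside the database is missing from the computation.
    """
    return hmac.compare_digest(_derive(guess, salt, b"not-the-server-secret"), stored)


if __name__ == "__main__":
    salt, stored = hash_password("correct horse battery")
    print("server verifies:", verify_password("correct horse battery", salt, stored))
    print("row alone verifies:", check_without_server_secret("correct horse battery", salt, stored))
```

The protection holds only while the server-side secret stays separate from the database; if both are taken together, the scheme reduces to an ordinary salted scrypt hash.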