[Previous entry: "Ad-free Opera for all!"] [Main Index] [Next entry: "More on OpenDocument"]

10/04/2005 Archived Entry: "easy to crack passwords"

A few weeks ago my alumni newsletter ran an article on computer security and passwords. Using the LC4 Windows password-recovery program (which tries dictionary words and dictionary words with added numbers) they cracked the following passwords:

sublimate ...in 2 seconds
checkmate1 ...in 3 seconds
CheCkmate ...in less than 1 second
ChEcK12 ...in 26 seconds
CheCk123 ...in 14 minutes 22 seconds
3x0n3rat3 ...in 4 hours 16 minutes 45 seconds
5ygn6thb ...could not be cracked

(Not being familiar with LC4, I presume it uses either (a) knowledge of the encryption routine and a copy of the encrypted password, or (b) access to a system routine that instantly checks passwords.)

The lesson here is that dictionary words are incredibly weak passwords, and fiddling upper/lower case or mixing in a few digits doesn't help a great deal. For a strong password, frankly, you need gibberish. How you obtain this is your challenge -- I have some mnemonic tricks that let me remember alphanumeric sequences, but I'm not about to share them, since that would make it easier for people to attack my passwords.

brad