Social media philosophy blog
Monday June 26th 2017

50 ways to steal your password, part 2

In my first post in this series, I focused on the perils of leaving the computer unattended. However, various passwords on the Internet are open and accessible for theft 24/7. In addition, they can be accessed from any place. The most obvious way of doing this is through password cracking. All you need for this is 1) password cracking software and 2) access to a list of passwords. The first one is easy and the second one more difficult. However, any service that needs to check the authenticity of users logging in, need to save such lists in several places and make them accessible through many channels. Password lists have historically been notoriously difficult to contain. This creates a vulnerability that is countered by storing a cryptographic hash of each password. The idea is that even if you do get access to the list of passwords, it would be useless for you. Not so.

6. The basic technique for cracking a password is brute force. The program simply runs through and tests every conceivable combination until successful. The brute force method is crude but effective against shorter passwords. To guard against it, you should have a lengthy password since the difficultly increases exponentially with length.
7. For longer passwords, the dictionary method has proven very effective. Instead of running through a random combination of figures, as with brute force, the program runs through the whole dictionary. As most people only use a word, the password is eventually cracked. To guard against it, we are recommended to combine words or put in numbers.
8. However, the dictionary method can also be used to try each word in the dictionary against any other word or against any number at the start or at the end of the password (way we like to put them).
9. Building on the assumption that many people will build their passwords on their specific context and the things that are important for them, it can be possible to feed the program certain clues such as occupation, names of family members, address, etc.
10. Cracking software can also include functions for cryptanalysis. The dreaded rainbow table method has proven very successful. This effectively reverses the cryptographic hash procedure.

As personal computers have become more powerful each year, cracking has become easier even with more complex and longer passwords. The safety measure of “rehashing” the password will probably be more common in the future. We are not there yet.

Leave a Reply