Skip to content

Posts tagged ‘cracking’

24
Aug

Simpler Stronger Passwords

The complexity of passwords is indeed something that has recently flipped into the realm of impossibility for us humans. In order to get any kind of decent cracking-resistant password these days you’re probably looking at having a password of at least 15 characters, making heavy use of uppercase, lowercase, symbols, etc. Very few people will be willing to commit that to memory, and if they do, they’ll be even less likely to change it on a regular basis.

The XKCD comic below shows that point pretty simply. It’s not actually that bad to use dictionary words, as long as they’re unrelated and you chain many of them together. The reason this works is because instead of picking from a character set of 26 letters, 10 digits and 20 symbols (total=56), you’re now selecting from a character set that is as large as the dictionary (~150,000 words).  If you select four words of about 5 characters or more, the potential keyspace an attacker has to guess will be enormous – especially if you throw in a few symbols for good measure ;)

26
Nov

Ravan: Distributed Hash Cracking in JavaScript

The guys over at Attack & Defence Labs have released Ravan, a distributed hash cracker the runs in JavaScript. Users can submit hashes to be cracked, and their browser will then begin brute forcing them based on a user-defined charset. Other users can contribute some CPU power to assist in the cracking process of individual hashes, it’s all handled by the server. This would work particularly well if you have multiple computers, or lots of friends willing to help out in the cracking process. Note that as this is brute force and not dictionary-based, it really comes down to how many hashes per second are being tried.

Current supported hash algorithms are MD5, SHA-1, SHA-256 and SHA-512.

css.php