{"id":2970,"date":"2011-03-29T12:00:33","date_gmt":"2011-03-29T04:00:33","guid":{"rendered":"http:\/\/www.janleow.com\/life\/?p=2970"},"modified":"2011-03-29T12:00:33","modified_gmt":"2011-03-29T04:00:33","slug":"brute-force-password-cracking","status":"publish","type":"post","link":"https:\/\/www.janleow.com\/life\/brute-force-password-cracking.html","title":{"rendered":"Brute Force Password Cracking"},"content":{"rendered":"<p>Keep your password difficult to crack, because brute force password cracking can be used to gain access to any of your secured workspaces, such as your website. I happened to bump into this information some time ago (forgot which website), which gives a rough indication of how secure your password is against a would-be attacker attempting to use a brute force cracker to break your password and gain unauthorised access to your area of security. Thus it is prudent to create as unique and complicated a password as you can to foil any attempt by a hacker to gain access.<!--more--><\/p>\n<p>Most times, you want something simple to remember. That&#8217;s OK if you have nothing very important and losing an email, Facebook or Twitter account would amount to no more than a major inconvenience. However, nowadays so many services are tied together, including banking, business, financial and monetary account linking, that having your email, Facebook, Twitter or other accounts hacked is no laughing matter. 
You could lose the money in your bank account, your online business income and even business from a defaced website.<\/p>\n<p>Simple passwords that use only letters and numbers no longer suffice; you now need a mixed sequence of letters (upper and lower case), numbers and symbols to make brute force password cracking that much harder.<\/p>\n<p>If you have websites, adding a time delay on ID\/password entry after a fixed number of wrong attempts, as well as a CAPTCHA and other verification steps, does indeed slow down a brute force attack.<\/p>\n<p>Anyway, the table I got here still shows how fast an amateur can break a simple password just by using tools available online. And if the attacker has access to more powerful computers, the time needed will be far shorter, especially if they have specialised hardware for the job. By making your passwords more complicated, you make such attempts much more difficult.<\/p>\n<p>Unfortunately, my wife complained to me that the passwords I set for her are oh, so, so difficult to remember! A little paranoia is necessary, I suppose. Losing an account like hers, even though it isn&#8217;t linked to any financial institution, is still much too troublesome!<\/p>\n<p>The trick, then, is to create a password that you can still remember somehow, perhaps using mnemonics and other memory-aid techniques. 
It can still get very complicated, and you might still forget, especially if you have dozens of websites, hosting, affiliate accounts, banking accounts, etc. So there is no choice but to use a password manager to store your passwords. An open-source one such as KeePass is a very good choice.<\/p>\n<p>So study the table below and think about how you want to set your passwords. A clever password is one you can still remember even though it is somewhat difficult, and a little paranoia may help in the long run to protect your information.<\/p>\n<hr>\n<p>An attacker may try all passwords from a dictionary or short letter\/digit combinations. With a 1.2 GHz PC he can check roughly 1.5 Million passwords per second. This gives the following figure:<\/p>\n<table border=\"1\" bordercolor=\"#999999\" bordercolorlight=\"#C0C0C0\" bordercolordark=\"#808080\" cellpadding=\"5\">\n<tr>\n<td>Length<\/td>\n<td>Password Type<\/td>\n<td>Avg. time to crack<br \/> on 1.2 GHz PC<\/td>\n<\/tr>\n<tr>\n<td>Any<\/td>\n<td>English Word<\/td>\n<td>0.03 seconds<\/td>\n<\/tr>\n<tr>\n<td>Any<\/td>\n<td>English word with digit<br \/> appended or pre-pended<\/td>\n<td>0.66 seconds<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>random digits<\/td>\n<td>3.3 seconds<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>random lower case letters<\/td>\n<td>4 seconds<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>random lower case letters\/digits<\/td>\n<td>20 seconds<\/td>\n<\/tr>\n<tr>\n<td>5<\/td>\n<td>random mixed case letters\/digits<\/td>\n<td>5 minutes<\/td>\n<\/tr>\n<tr>\n<td>6<\/td>\n<td>random mixed case letters\/digits<\/td>\n<td>5 hours<\/td>\n<\/tr>\n<tr>\n<td>7<\/td>\n<td>random mixed case letters\/digits<\/td>\n<td>14 days<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>random mixed case letters\/digits<\/td>\n<td>2.3 years<\/td>\n<\/tr>\n<tr>\n<td>8<\/td>\n<td>random letters\/digits\/punctuation<\/td>\n<td>70 years<\/td>\n<\/tr>\n<tr>\n<td>10<\/td>\n<td>random letters\/digits\/punctuation<\/td>\n<td>600,000 
years<\/td>\n<\/tr>\n<\/table>\n<p>Note that this figure only applies to amateur crackers, not to someone with access to a super computer. A good password uses at least 8 random letters, digits and punctuation characters. The author uses a 10 character random password including letters, digits, punctuation and accentuated characters (the latter makes encryption with a PC conduit more difficult, though).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Keep your password difficult to crack, because brute force password cracking can be used to gain access to any of your secured workspaces, such as your website. I happened to bump into this information some time ago (forgot which website), which gives a rough indication of how secure your password is against a would-be attacker &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[6,12],"tags":[46,111,112,135,160,162],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/p1bS5F-LU","_links":{"self":[{"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/posts\/2970"}],"collection":[{"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/comments?post=2970"}],"version-history":[{"count":0,"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/posts\/2970\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/media?parent=2970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/categories?post=2970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.janleow.com\/life\/wp-json\/wp\/v2\/tags?post=2970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\
/{rel}","templated":true}]}}