Are Any Passwords Secure Any More?
Posted on by Peter James
As computer power has increased, the tools that allow hackers to infiltrate computers have gotten stronger as well. It’s widely recommended that you don’t use common words for your passwords – don’t use “password,” the name of your pet, or you child’s first name, the latter two being easy to discover. Recommendations generally tell you to use a word that’s not in a dictionary, to mix letters, numbers and punctuation, and to make a password long enough.
But are these passwords secure? And how long is long enough? A Swiss company, Objectif Sécurité, has developed a system for cracking passwords based on tables that are stored on SSD drives. Why SSD? Well, it turns out that using SSD drives is much faster than traditional hard drives, allowing more than 300 billion tests per second.
Here’s how it works. Your password is not stored on your computer, but a “hash” of it is. This is a string of letters and numbers that is created by applying mathematical functions to your password. Since multiple passwords could have the same hash, there’s no way of working back from the hash to the password, but software can test billions of possible combinations to see if they do, indeed, produce the hash of your password.
In a test, it was found that this password cracking tool could find complex 14-character passwords used with Windows XP in less than ten seconds. Passwords this long are considered to be very strong by Mac OS X (even ten-character random passwords are considered strong).