nYPdR1908 - Passwords

On passwords




As everyone knows, passwords are totally breakable; that is, they can be discovered with programs that use rude force to decipher users' passwords.


With this project, I will show you the types of passwords and the average time that a computer would take to break each password.


Attention:

Remember that this will not make you totally protected.


__________________________________________________________________________________________________________________________________________


Below are the types of passwords I chose for this project.

146372417537.png


But always remember: with keyloggers, all types of passwords are easily discovered.

So always take care where you click on links, because you could catch a keylogger and have your data stolen.



Tips:


Passwords with capital letters work in Crossfire, so alternate capital and lowercase letters in your password, and you will have 50% more security.

Example: mA2681Lb


Forgive the bad English; as everyone knows I am BR, and I am only here to help.

Comments

  • nYPdR1908 wrote: »
    Example : mA2681Lb

    How do you know my password!?!?!?!
  • GoPancakes wrote: »
    How do you know my password!?!?!?!

    rofl


  • GoPancakes wrote: »
    How do you know my password!?!?!?!

    hahahahaha
  • xkcd is the awesomest thing ever. Also I believe the term is brute force.
  • Denxi wrote: »
    This is bad and false.

    password_strength.png

    Now create a RAR archive with the password 123456789 and use a program made for hackers to break the password of that RAR archive.
    This would take a long time.
    I am only giving a tip!
  • its kinda safe for u if they only ur pass and not user
  • Denxi wrote: »
    This is bad and false.

    password_strength.png

    Like XKCD says.
    The best defense against a Brute Force attack is the length of the password.
    When a website allows it, I use 24+ letter sentences that are far easier to remember than an 8 letter password with numbers and random letters.

    Example of a password I once used.
    The_Dimir_Are_Very_Secretive.
  • The number of ways to crack a password.
    1. Phishing, Asking questions to find one's security question answers or the password itself.
    Best defense against phishing, don't give information out.

    2. Scamming, Tries to get you to give the account info for something but never completes the trade. Best defense, don't ever trade your account, plus it belongs to Z8 not you.

    3. Key logging, a program that records typed data on your computer and sends it to the hacker. Best defense, don't download anything you're not 100% sure is safe and keep your anti-virus and malware program up to date and scan often.

    4. Dictionary attack, a program that goes through all the words in a language starting from the most commonly used. Best defense, don't use just 1 word.

    5. Brute force, a program that goes through all the possible combinations that are possible in a password, only practical if they have physical access to the passwords.
    Best defense, Long passwords.

    The first 2 require one to give out information. Number 3 requires someone to download something, and number 4 and 5 require physical access to be practical at all.


    A decent offline Brute force attack system would do 100,000,000,000 guesses a second.
    The_Dimir_Are_Very_Secretive. = 9.08 x 10^55 Entropy. Will take millions of years to break.
    mA2681Lb = 2.22 x 10^14 Entropy. Broken in 37 minutes.
  • VATAV wrote: »
    The number of ways to crack a password.
    1. Phishing, Asking questions to find one's security question answers or the password itself.
    Best defense against phishing, don't give information out.

    2. Scamming, Tries to get you to give the account info for something but never completes the trade. Best defense, don't ever trade your account, plus it belongs to Z8 not you.

    3. Key logging, a program that records typed data on your computer and sends it to the hacker. Best defense, don't download anything you're not 100% sure is safe and keep your anti-virus and malware program up to date and scan often.

    4. Dictionary attack, a program that goes through all the words in a language starting from the most commonly used. Best defense, don't use just 1 word.

    5. Brute force, a program that goes through all the possible combinations that are possible in a password, only practical if they have physical access to the passwords.
    Best defense, Long passwords.

    The first 2 require one to give out information. Number 3 requires someone to download something, and number 4 and 5 require physical access to be practical at all.


    A decent offline Brute force attack system would do 100,000,000,000 guesses a second.
    The_Dimir_Are_Very_Secretive. = 9.08 x 10^55 Entropy. Will take millions of years to break.
    mA2681Lb = 2.22 x 10^14 Entropy. Broken in 37 minutes.

    ohsnap. xD
  • One thing bro, it's called brute forcing, not rude forcing.
  • GodsGunman wrote: »
    ohsnap. xD

    Yes, I know.
    He based his Brute force attack number on the online restriction of about 1,000 guesses a second, which would take 100 years at that rate. But most web sites lock an account after 5 incorrect guesses for a period of time, and perm lock it until they receive an Email validation after more incorrect guesses.
    So Brute force won't work online.

    The best and easiest to remember passwords are either decent length sentences or a bunch of random words.

    Only way to break them is for the password user to do something stupid like give out information or download something with a carry on keylogger they are not aware of.
    And if that happens it doesn't matter what the password is.
  • VATAV wrote: »
    The number of ways to crack a password.
    1. Phishing, Asking questions to find one's security question answers or the password itself.
    Best defense against phishing, don't give information out.

    2. Scamming, Tries to get you to give the account info for something but never completes the trade. Best defense, don't ever trade your account, plus it belongs to Z8 not you.

    3. Key logging, a program that records typed data on your computer and sends it to the hacker. Best defense, don't download anything you're not 100% sure is safe and keep your anti-virus and malware program up to date and scan often.

    4. Dictionary attack, a program that goes through all the words in a language starting from the most commonly used. Best defense, don't use just 1 word.

    5. Brute force, a program that goes through all the possible combinations that are possible in a password, only practical if they have physical access to the passwords.
    Best defense, Long passwords.

    The first 2 require one to give out information. Number 3 requires someone to download something, and number 4 and 5 require physical access to be practical at all.


    A decent offline Brute force attack system would do 100,000,000,000 guesses a second.
    The_Dimir_Are_Very_Secretive. = 9.08 x 10^55 Entropy. Will take millions of years to break.
    mA2681Lb = 2.22 x 10^14 Entropy. Broken in 37 minutes.

    But always remember: with keyloggers, all types of passwords are easily discovered.
  • nYPdR1908 wrote: »
    But always remember: with keyloggers, all types of passwords are easily discovered.

    That is always a given.
    The majority of account losses are from the account owner doing something stupid like giving out the account info or downloading a program with a keylogger.

    The other 2 methods are just not practical for a 1 on 1 profit.
    So as long as the password isn't easy to guess and one doesn't reveal any info about it, then the odds of losing that account are near zero.

    But for the sake of the argument about Brute Force defense, an 8 character password would be broken much faster than a 24 character one.
  • VATAV wrote: »
    That is always a given.
    The majority of account losses are from the account owner doing something stupid like giving out the account info or downloading a program with a keylogger.

    The other 2 methods are just not practical for a 1 on 1 profit.
    So as long as the password isn't easy to guess and one doesn't reveal any info about it, then the odds of losing that account are near zero.

    But for the sake of the argument about Brute Force defense, an 8 character password would be broken much faster than a 24 character one.

    Yes, but not all places accept a password of 24 characters, so I recommend building a password, regardless of the size, alternating between capital letters and small letters, which would take double the time to be broken.
  • im not rly sure but if u make a large word and u put a "," @ the end,
    it will take longer to break..
    my friend told me (he does programming and things idk, works with computers)


    fuuuuuuuuuuck my english sucks as hell
  • I Find This Very Helpful
    Brb Gonna Change My Pass To T0MmYYe265
    Woops ....
  • nYPdR1908 wrote: »
    Yes, but not all places accept a password of 24 characters, so I recommend building a password, regardless of the size, alternating between capital letters and small letters, which would take double the time to be broken.

    Then just do the max they allow.
    A password that has lots of random letters and numbers is usually difficult to remember for most people. Requiring them to write the password down somewhere to remember. And that written down password is a security issue.

    As long as the password isn't easy to guess by a hacker in a few dozen tries it will be secure.
    Having 2-5 random words as a password is very secure from guessing and secure from brute forcing with the benefit of being very easy to remember.

    Your main argument was about security against a Brute Force attack.
    But most Brute Force attacks happen Offline (which is 100,000,000 times faster than an online), the hacker gets a copy of the encrypted data and tries to find the password. This is how passwords work, they use the password to encrypt the data with and the only one who knows the password is the one who made it.

    Even Server Administrators don't know a client's password. When a client loses or forgets a password they can only reset the password, they have no way of finding what it was without a Brute force method.


    Most sites have the minimum password length be 8 characters and max be around 20.
    The best defense against a Brute Force attack is length of the password, not the complexity. Your Complex Letter and letter password encourages people to use the minimum character limit in order to remember it and thus making it easier to break with a Brute Force attack. And it also makes them more likely to write it down somewhere, usually near the computer, in order to remember it and anyone else who happens to find it can use it.

    Of the 5 methods I said before to break a password.
    3 require one to be an idiot and thus making any level of security pointless with them.
    And 2 require a physical copy of the encrypted data.

    Your complex method does nothing for the first 3 and makes the last 2 easier.
    Here is why a long password is better against a brute force attack.

    Passwords increase entropy to the power of number of characters, the base number being what language code the password uses. ASCII has 128 characters and UNICODE has 256+, these 2 codes are the most common.

    So each additional character increases the entropy by either 128 or 256.
    8 Character password maximum entropy:
    256*256*256*256*256*256*256*256= 18,446,744,073,709,551,616
    (This is if a site uses UNICODE, most sites use ASCII)

    128*128*128*128*128*128*128*128= 72,057,594,037,927,936
    (This is if a site uses ASCII, which it most likely is)

    The Maximum entropy from the average web site password would take no longer than 8-9 days to break. But very, VERY few people use the special code symbols on computers to make passwords, which reduces one's entropy to less than 1/300th of the max.
    222,000,000,000,000 is what your password is at because it doesn't use any special code characters at all.

    16 Character password maximum entropy:
    256*256*256*256*256*256*256*256*256*256*256*256*256*256*256*256=
    340,282,366,920,938,463,463,374,607,431,768,211,456
    Compare it to the 8 character of:
    18,446,744,073,709,551,616

    128*128*128*128*128*128*128*128*128*128*128*128*128*128*128*128=
    5,192,296,858,534,827,628,530,496,329,220,096
    Compared to the 8 character of:
    72,057,594,037,927,936

    As one can see, by simply going for a 16+ easy to remember password over an 8 character hard to remember one, they increase the difficulty to break and time required to break it by over one TRILLION times at least.
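
The keyspace arithmetic discussed in this thread, as an added example that is not part of any poster's message: it detects which printable-ASCII character classes a password uses, raises that alphabet size to the password length, and divides by the 100,000,000,000 guesses per second quoted above, and it goes one step further by also counting a passphrase as whole words drawn from a list. Assumptions: the function names are illustrative, the trailing full stop is not counted as part of the sample passphrase, and the 7,776-word list size (Diceware-sized) with uniformly random word choice is not from the thread.

```python
import string

GUESSES_PER_SECOND = 100_000_000_000  # offline guess rate quoted in the thread

# Printable-ASCII character classes (95 symbols in total).
CLASSES = (
    string.ascii_lowercase,     # 26
    string.ascii_uppercase,     # 26
    string.digits,              # 10
    string.punctuation + " ",   # 33
)

def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    return sum(len(cls) for cls in CLASSES if any(ch in cls for ch in password))

def char_keyspace(password):
    """Candidates of the same length over the detected alphabet."""
    return alphabet_size(password) ** len(password)

def word_keyspace(word_count, wordlist_size):
    """Candidates when whole words are drawn at random from a known list."""
    return wordlist_size ** word_count

def seconds_to_exhaust(candidates, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate; the average is half of this."""
    return candidates / rate

def describe(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    cases = {
        "mA2681Lb": char_keyspace("mA2681Lb"),
        "The_Dimir_Are_Very_Secretive": char_keyspace("The_Dimir_Are_Very_Secretive"),
        "8 chars, 128 symbols": 128 ** 8,
        "16 chars, 128 symbols": 128 ** 16,
        # Assumption: 7,776-word list (Diceware-sized), words chosen at random.
        "4 random words": word_keyspace(4, 7776),
        "5 random words": word_keyspace(5, 7776),
    }
    for label, n in cases.items():
        print(f"{label:32} {n:.3e} candidates  {describe(seconds_to_exhaust(n))}")
```

Counted word by word rather than character by character, four random words from a list of that size are exhausted in hours at the quoted offline rate, so a passphrase's resistance comes from how many random words it has, not from its character count.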
  • I use AES-256bit on my drive. With a 30 character password it'll take longer than the current age of the universe to decipher it using today's computers.
  • If you make your password, "password", it'll never be guessed :)
  • MrJulmust wrote: »
    I use AES-256bit on my drive. With a 30 character password it'll take longer than the current age of the universe to decipher it using today's computers.

    1,766,847,064,778,384,329,583,297,500,742,918,515,827,483,896,875,618,958,121,606,201,292,619,776
    Possibilities...
    Nice.

    GoPancakes wrote: »
    If you make your password, "password", it'll never be guessed :)

    A Dictionary attack would take less than a second to guess that.
    Password and Password varieties are one of the most common passwords used.
  • VATAV wrote: »
    *Epic long book*
    I'd like to read all that, and I also don't want to...
  • After reading this, I have decided on changing my password...
  • LT_Devil wrote: »
    After reading this, I have decided on changing my password...

    Same ^^