Password: password – or how John the Ripper attacks

… a few pieces of advice from Cybersecurity Training SANS Anaheim 2019

If you were ever wondering if your password “has the power” to survive the attack of Dark Side of the Internet Force, first check if it is listed on Wikipedia’s list of the most common passwords.

Then, whilst you quickly try to come up with a new (hopefully better) password, I suggest you check it on Gibson Research Corporation, which will tell you how complicated this password really is, and how long it could take to crack it.

It appears that a password’s length is much more important than its complexity, because password crackers such as good old John the Ripper need much more time for every additional character you add – the time required grows exponentially with length.

It is also crucial to use a different password for each site, so even if one password is cracked, the bad guys will not gain access to all your other accounts on the Internet.

The most important password is always the one to your email (and to your bank account of course). If your email account is taken over, control of your accounts on other services such as Facebook, LinkedIn, etc. can easily be lost, because resetting a forgotten password is usually done by sending you an email.

Finally, some statistics showing how much time is needed to crack different passwords using average computing power:

  • Password: qwerty – can be cracked in as little as 0.00321 of a second
  • Password: qwertyqwerty – cracking this 12-character password takes around 10 days
  • Password: qwertyqwertyqwerty – before this 18-character password is cracked, the person who used it will already have been resting in peace for centuries.
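
The arithmetic behind figures like these, as an added example that is not part of the original post: it estimates exhaustive-search time from a password's length and the character classes it uses. The guess rate of 100 billion per second is an assumption, chosen because it reproduces the 0.00321 s figure for qwerty; the function names and the tiny common-password set are constructed for illustration.

```python
import string

# Assumption: offline attack rate of 1e11 guesses/second. With this rate the
# model reproduces the article's 0.00321 s for "qwerty".
GUESSES_PER_SECOND = 100_000_000_000

# Constructed sample; a real check would load a full common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein"}

# Printable ASCII split into classes (26 + 26 + 10 + 33 = 95 characters).
# Non-ASCII characters are not counted by this simple model.
CLASSES = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation + " ", 33),
]


def alphabet_size(password):
    """Size of the alphabet implied by the character classes in use."""
    return sum(size for chars, size in CLASSES
               if any(c in chars for c in password))


def search_space(password):
    """Number of candidates of length 1..len(password) over that alphabet."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate up to the password's length."""
    return search_space(password) / rate


def is_common(password):
    """True if a wordlist attack would find it without any brute force."""
    return password.lower() in COMMON_PASSWORDS


if __name__ == "__main__":
    # Length versus complexity: 12 lowercase letters against 8 mixed characters.
    for pw in ["qwerty", "Qw3rty!x", "qwertyqwerty", "qwertyqwertyqwerty"]:
        days = brute_force_seconds(pw) / 86400
        print(f"{pw!r}: alphabet={alphabet_size(pw)}, length={len(pw)}, "
              f"brute force ~{days:,.4f} days, common={is_common(pw)}")
```

These numbers cover exhaustive search only: a password that appears in a wordlist is found immediately, whatever its computed search time.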
