I can probably hack your password in MINUTES!

This article has been indexed from DZone Security Zone.

The average password is easily hacked in minutes by an experienced software developer. This is because of a fundamental flaw in how we were taught to create our passwords. An example of a bad password is “qWxc4&Gh”. On the surface such a password seems impossible to hack, but an experienced hacker can actually crack it in 39 minutes simply by “guessing”, using a technique referred to as brute force, where a computer tries every combination of characters one after the other. The reason is something we refer to as “entropy” in computer programming and cryptography: there are simply not enough possible combinations in a short password such as the one above for it to be “random enough” to prevent a computer from guessing it by trying all combinations in turn. Below is a list taken from Hive Systems illustrating the problem.
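The arithmetic behind tables like the Hive Systems one is simple: the number of candidates an exhaustive search must try is the charset size raised to the password length, and the time to exhaust them is that count divided by the attacker's guess rate. The following Python is an added example, not code from the article; the character classes, the assumed guess rate of 10^12 guesses per second, and the lowercase passphrase used for comparison are all constructed for illustration.

```python
import math
import string

# Character classes used for the charset estimate (constructed for this example).
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26 characters
    "uppercase": string.ascii_uppercase,   # 26 characters
    "digits": string.digits,               # 10 characters
    "symbols": string.punctuation,         # 32 characters
}


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must enumerate: the sum of
    every character class that appears at least once in the password."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def entropy_bits(password: str) -> float:
    """Entropy in bits, assuming every position is an independent uniform
    draw from the password's charset (the model behind brute-force tables)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def worst_case_guesses(password: str) -> int:
    """Number of candidates an exhaustive search must try in the worst case."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case wall-clock time for an attacker with the given guess rate."""
    return worst_case_guesses(password) / guesses_per_second


def human_duration(seconds: float) -> str:
    """Render a duration in the largest unit that gives a value >= 1."""
    units = [("years", 365 * 24 * 3600), ("days", 24 * 3600),
             ("hours", 3600), ("minutes", 60), ("seconds", 1)]
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:,.1f} {name}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # Assumed attacker guess rate; real rates depend on hardware and hash algorithm.
    RATE = 1e12
    # The article's example beside a longer, lowercase-only passphrase (constructed).
    for pw in ["qWxc4&Gh", "purplehorsebatteryox"]:
        print(f"{pw!r:24} charset={charset_size(pw):3} "
              f"entropy={entropy_bits(pw):6.1f} bits "
              f"worst case={human_duration(seconds_to_exhaust(pw, RATE))}")
```

Running it shows the point the article is making: the eight-character mixed password has about 52 bits of entropy, while a twenty-character passphrase drawn only from lowercase letters has about 94 bits, because length contributes multiplicatively and symbol classes only additively.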

Besides being easily guessed, such passwords are also extremely difficult to remember, so users end up writing them down somewhere in order to remember them. The only real alternative to writing down your passwords seems to be to reuse the same password on multiple sites, over and over again. Since few websites and software systems (correctly) implement password hashing using Blowfish and per-record salts, this means that if a malicious hacker manages to hack one website you’ve registered with, he can typically reuse your password from that one website on every website you’ve registered with. It follows that if you register with a password at “The Free Ponies and Barbies for your Daughter” website, a hacker capable of hacking “the free pony site” might end up having the password for your online bank. If you’re a software developer reading this and you’re telling me “but I’m hashing my passwords”, then I’ve got three words for you …
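The difference between "hashing my passwords" and doing it correctly is a slow, memory-hard function with a fresh random salt per record, so that two users who chose the same password store different values and one breached site's table says nothing about another's. The article refers to Blowfish-based hashing (bcrypt); the Python below is an added example, not the article's code, and substitutes scrypt because it ships in Python's standard library (hashlib.scrypt). The cost parameters, record format and the two sample accounts are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# scrypt cost parameters (assumed for this example; raise N as hardware allows).
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def unsalted_hash(password: str) -> str:
    """The weak scheme: one fast, unsalted digest. Every user with the same
    password gets the same stored value, so one precomputed lookup table
    covers every site that does this."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: bytes = b"") -> str:
    """Salted, memory-hard hash. A fresh random 16-byte salt per record means
    two users with the same password store different values."""
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    # Self-describing record (assumed format) so cost parameters can be
    # raised later without invalidating existing rows.
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the salt and parameters from the record, then compare
    in constant time. Any malformed record verifies as False."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
        if algo != "scrypt":
            return False
        expected = bytes.fromhex(digest_hex)
        candidate = hashlib.scrypt(password.encode("utf-8"),
                                   salt=bytes.fromhex(salt_hex),
                                   n=int(n), r=int(r), p=int(p),
                                   dklen=len(expected))
    except ValueError:
        return False
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Two constructed accounts that happen to share the article's password.
    pw = "qWxc4&Gh"
    print("unsalted, user A:", unsalted_hash(pw))
    print("unsalted, user B:", unsalted_hash(pw))             # identical
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print("salted,   user A:", rec_a)
    print("salted,   user B:", rec_b)                          # different
    print("verify correct:  ", verify_password(pw, rec_a))    # True
    print("verify wrong:    ", verify_password("qWxc4&Gg", rec_a))  # False
```

The record carries its own parameters, so a deployment can increase the cost factor for new rows and rehash old ones on next login; hmac.compare_digest avoids leaking how many leading bytes of the digest matched through timing.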
