Mon, 02 Nov 2009

Amazon's EC2 brings new might to password cracking

Well ... I suppose that his math is correct as far as generating potential passwords goes, but how much time would it take to try those passwords.

This would be utterly dependent on server and network speeds that are totally out of control of the black hats - and if each attempt took only a second to fail before the code could move on to the next attempt, it would increase both the complexity of the attack code (surely it would have to be threaded or pipelined - and that is pretty close to rocket science to get it right at this level) and the cost for bandwidth enormously. Probably so much as to make it economically infeasible.

Forget what you've learned about password security. A simple pass code with nothing more than lower-case letters may be all you need - provided you use 12 characters.

(link) [The Register]

/Technology | 0 writebacks | permanent link

comment...

 
Notes: If you put a <mailto:> link in the URL field your address will not be mangled: this could be a bad idea as your email address could be easily harvested by bots designed for SPAM. The comments field should now format correctly for line feeds and carriage returns: when you hit the 'Enter' or 'Return' keys in your comment it should break to a new line. The text should wrap cleanly. Please let me know if it doesn't. No HTML tags will pass through - entering links seems to be the main cause of comment SPAM. Also, please be sure that Javascript is enabled in your browser before attempting to post a writeback. Sorry for any inconvenience, but this really helps cut down on the amount of comment SPAM I have to deal with.
 
 Name:
 URL:(optional)
 Title: (optional)
 Comments:  
Save my Name and URL/Email for next time