Good points out there, but one thing is missing, and that is "RANDOMNESS".
I came across a few "super" passwords while I was studying how password crackers work and how they can be useful for different purposes. I learned some very important points from some key loggers. Yes, when I grabbed passwords from key loggers, I learned a lesson: even if the passwords are strong enough, containing special characters and numbers, they still have some trouble with human idiomatic nature.
I came across passwords like 7!g3R, B@sk3rR0@, R@m3sh, J@!Sw@m! and many, many more.
What did I learn from this? Let's consider this:
7!g3R == Tiger/tiger
B@sk3rR0@ == BaskerRoa
R@m3sh == Ramesh
J@!Sw@m! == JaiSwami
The last three passwords were grabbed from my branch office network, and those are three passwords among hundreds of others. The point here is that these three passwords are strong, but not that strong for a brain-full cracker: they created their passwords from their names, using uppercase, lowercase, special characters and numbers.
There is a complete difference in methodology between traditional password guessing and modern password guessing. After coming across this type of password, I learned that a little more effort in password guessing techniques would pose some more danger to strong passwords. A perfect tool for this kind of technique is "John The Ripper", with which we can randomize/make our own criteria for guessing passwords, like making a rule that replaces characters such as @ for A/a, ! for I, o/O for 0, etc.
So, my point is that randomness is very effective here. For example, I used to choose some of my passwords like Dy3t2cMP (this is randomness): there is no meaning in it, and only the user can remember it easily, since it stands for "Don't you ever try to crack My Password".
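The same substitution rule, run in reverse as a password-policy check, shows why the name-based passwords above fall and the random one holds. This is an added example, not part of the original post and not John the Ripper's own rule syntax; the substitution table and the tiny wordlist are constructed for the demonstration.

```python
"""Reverse leet-speak substitutions and look for a dictionary word underneath."""

# Assumed reverse mapping of the usual substitutions (@ -> a, ! -> i, 0 -> o, ...).
LEET_TO_PLAIN = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "i", "!": "i", "|": "i",
    "0": "o", "$": "s", "5": "s", "7": "t", "+": "t",
})

# Constructed mini wordlist: the names/words behind the captured passwords
# plus a few generic entries. A real check would use a large dictionary
# and a list of user names from the directory.
WORDLIST = {"tiger", "baskerroa", "ramesh", "jaiswami", "jai", "swami",
            "password", "welcome", "admin"}


def deleet(password: str) -> str:
    """Undo the substitutions and lower-case the result."""
    return password.translate(LEET_TO_PLAIN).lower()


def find_disguised_word(password: str, wordlist=WORDLIST, min_len=4):
    """Return the dictionary word hiding in the password, or None.

    An exact match wins; otherwise any dictionary word of at least min_len
    letters embedded in the de-leeted password is reported (longest first),
    so that 'name + digits' variants are caught too.
    """
    plain = deleet(password)
    if plain in wordlist:
        return plain
    for word in sorted(wordlist, key=len, reverse=True):
        if len(word) >= min_len and word in plain:
            return word
    return None


def is_leet_dictionary_password(password: str) -> bool:
    """Policy hook: True when the password is just a disguised word."""
    return find_disguised_word(password) is not None


if __name__ == "__main__":
    for pw in ["7!g3R", "B@sk3rR0@", "R@m3sh", "J@!Sw@m!", "Dy3t2cMP"]:
        print(f"{pw:10} -> {deleet(pw):10} hidden word: {find_disguised_word(pw)}")
```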
Hope you got my point.
Even so, be careful in creating a random/strong password which you can remember. For a home or small network it's not that hard to remember. I have to save a copy of the user names/passwords of PCs at different remote locations on Google Docs, because I need to remotely log in to more than 1000 servers/workstations, which have different user names and different passwords on them, and I cannot remember them all. I already had a decent debate with experts in password policy maintenance on this password-endangering topic.