We've covered a few security-related products and services recently, and we know that this is a topic which many of us are interested in.
So, to end this brief run of security postings, here's something about a freeware program with a difference. The difference is that I'm not actually suggesting you download and run it. Instead, increase your understanding of the program, and others in the same genre, by reading an excellent article. Let me explain.
Have you ever wondered how password cracking works? And why it causes so much of a furore when a web site is discovered to have had its password file hacked into and stolen? If so, then here's how it works.
When you choose a password to use on a web site, the site needs to store that password in a database so that it can recognise you when you subsequently log in. Although some sites do simply store the password itself, this is clearly a security risk. Therefore, sites tend to store a hash instead. A hash is the result of putting the password through a special mathematical formula which only works in one direction. For example, put "TechSupportAlert" through the MD5 hash formula and it comes out as b7c1ecff69702b37278e9badcb386e30.
The clever bit is that hashing only works in one direction. There's no way to start with that hash and work out what password it corresponds to. So when you log into the web site, and type "TechSupportAlert" as your password, the site hashes it again, and checks whether the hashed version of what you just typed matches the hash in the database. If so, you are safe to enter.
So how does password cracking work? And why do experts advise you to never choose a password that appears in a dictionary?
Well, imagine that I hack into a website and steal its database of usernames and hashed passwords. And then imagine that I search that database of hashes for b7c1ecff69702b37278e9badcb386e30. If I find a match, then I know that this particular user has chosen TechSupportAlert as their password.
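The storage and lookup described above, as an added example that is not part of the original article: it audits a set of unsalted MD5 hashes against a wordlist, then shows the same passwords stored with a per-user salt and a slow key-derivation function. The wordlist, the account names and the salted PBKDF2 scheme are assumptions added for illustration; the article itself only describes plain hashing.

```python
import hashlib
import hmac
import os

# Constructed sample data (not from the article): a tiny wordlist and three accounts.
WORDLIST = ["password", "letmein", "TechSupportAlert", "dragon"]
ACCOUNTS = {"alice": "TechSupportAlert", "bob": "TechSupportAlert",
            "carol": "v7#Qp!xL2m@Rz9"}


def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage scheme the article describes."""
    return hashlib.md5(password.encode()).hexdigest()


def pbkdf2_record(password: str, salt: bytes = b"", rounds: int = 100_000) -> tuple:
    """Salted, deliberately slow hash: returns (salt, rounds, derived key)."""
    salt = salt or os.urandom(16)  # fresh random salt per user
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, key


def verify(password: str, record: tuple) -> bool:
    """Login check: re-derive with the stored salt, compare in constant time."""
    salt, rounds, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, key)


def audit_unsalted(stored: dict) -> dict:
    """Flag accounts whose unsalted hash equals the hash of a wordlist entry."""
    table = {md5_hex(word): word for word in WORDLIST}  # each word hashed once
    return {user: table[h] for user, h in stored.items() if h in table}


def demo() -> dict:
    unsalted = {u: md5_hex(p) for u, p in ACCOUNTS.items()}
    salted = {u: pbkdf2_record(p) for u, p in ACCOUNTS.items()}
    return {
        "exposed": audit_unsalted(unsalted),  # dictionary passwords found
        "same_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_salted": salted["alice"][2] == salted["bob"][2],
        "login_ok": verify("TechSupportAlert", salted["alice"]),
        "login_bad": verify("techsupportalert", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

With unsalted hashes, one pass over the wordlist flags every account that uses a listed password, and identical passwords are visible as identical hashes. With a per-user salt the two stored values differ, so each account has to be tested separately at the cost of 100,000 rounds per guess.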
And so to the article that explains it all in more detail, and is a diary of one person's attempt to try cracking some passwords. You'll find it at http://arstechnica.com/security/2013/03/how-i-became-a-password-cracker/1/. Once you've read it, you'll realise why choosing a strong, long, non-dictionary password makes sense. Especially on important web sites such as online banks and PayPal. If you don't, you'll now understand the risks much more clearly.
From Gizmo
Find Out How Password Cracking Works
Friday, May 3, 2013