![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
When I started using computer networks in the early 90s, I had a six-character password. A few years later the recommendation was a minimum of eight characters, and be sure to mix it up with upper/lower-case, numbers, and maybe some punctuation.
Unfortunately way too many people still haven't even gotten that message; as a network administrator (who tries to avoid knowing people's passwords but somehow does anyway since they don't seem to care) I see some amazingly simple passwords.
Even more unfortunately, some software enforces less-than-good passwords by restricting the punctuation or the password length.
But with the guidelines of a decade ago, it's been generally assumed that brute-forcing a password would take many months at least. However, that assumed that the job would be done on a single CPU. Or possibly much faster on a massively-distributed network on CPUs, but that's still a lot of effort for a few passwords, and apparently less interesting or lucrative than searching for aliens or sending spam.
Who expected cracking a password to be done on a graphics card? In less than a week?
So basically the eight-character password has been cracked. But the 12-character password will still present a challenge for a while, even if you don't include the punctuation and numbers and all that.... though you still might be vulnerable to a dictionary attack if you're not careful.
Unfortunately way too many people still haven't even gotten that message; as a network administrator (who tries to avoid knowing people's passwords but somehow does anyway since they don't seem to care) I see some amazingly simple passwords.
Even more unfortunately, some software enforces less-than-good passwords by restricting the punctuation or the password length.
But with the guidelines of a decade ago, it's been generally assumed that brute-forcing a password would take many months at least. However, that assumed that the job would be done on a single CPU. Or possibly much faster on a massively-distributed network on CPUs, but that's still a lot of effort for a few passwords, and apparently less interesting or lucrative than searching for aliens or sending spam.
Who expected cracking a password to be done on a graphics card? In less than a week?
So basically the eight-character password has been cracked. But the 12-character password will still present a challenge for a while, even if you don't include the punctuation and numbers and all that.... though you still might be vulnerable to a dictionary attack if you're not careful.
geeky
There are 15 comments on this entry.