Overview
AUTHOR
Laurent LEVIER: Security Officer - International Telecommunications Operator
INTRODUCTION
Our story begins in the 1970s. In those days, the password was a minor matter, regarded as a useless constraint that everyone had to endure, and treated with carelessness, even disdain. It was usually empty or identical to the user's login or first name, and rarely more elaborate. With the rapid spread of digitalization and the progress of hacking techniques and attempts, the password, now omnipresent, is increasingly coveted and, given the power it confers, can no longer remain simplistic. We have gone from one password for everything to one for every use, each subject to a mandatory minimum level of quality.
In the early years of local area networks, and later the Internet, stored passwords were encoded with algorithms that would make people smile today. At the time, however, cryptographic attack techniques required computing power unavailable to the general public. What's more, these passwords were so simple (no one yet understood their importance) that a simple dictionary attack, even carried out manually, was often all that was needed. Today, specialized graphics processing units (GPUs) provide, at modest cost, more than enough computing power to attack most cryptographic algorithms within a reasonable timeframe. Software has kept pace, making it possible to build your own "password-cracking" machine or, more generally, a hash-cracking machine.
Beyond these purely technical aspects, passwords are most often chosen by individuals whose stereotyped psychological behaviors stem from their personal background, whether educational, cultural or emotional. These factors considerably shape the words chosen at the outset, as well as any transformations imposed by a security policy, depending on the terms of that policy and the way it is presented on the input form. A study of thousands of international users has enabled us to establish hypotheses, the validation of which is progressing rapidly, about the final form the password will take, which greatly improves the performance of brute-force attacks.
Nowadays, passwords are still the unloved creature of the IT world, and there are few ways of guaranteeing their quality and therefore the protection of access to information.
Upstream, at the time of entry, it is possible to specify quality constraints and control the proposed passwords, with unacceptable proposals simply being blocked.
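The upstream check described above, as an added example that is not taken from the article: a filter that blocks proposals that are empty, too short, on a common-password list, or derived from the user's login or first name through simple transformations. The names `check_password` and `normalize`, the sample list and the minimum length are assumptions made for this illustration.

```python
import re
import unicodedata

# Constructed sample list; a real deployment would load a large common-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "welcome", "azerty"}
# Character substitutions that users typically apply to satisfy a policy.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 10  # assumed policy value


def normalize(word):
    """Reduce a word to its base form: lowercase, no accents, no digit or
    symbol padding at either end, substitutions undone."""
    word = unicodedata.normalize("NFKD", word.casefold())
    word = "".join(c for c in word if not unicodedata.combining(c))
    word = re.sub(r"^[^a-z]+|[^a-z]+$", "", word)  # "name2024!" -> "name"
    return word.translate(LEET)


def check_password(candidate, login, first_name):
    """Return the list of violations; an empty list means the proposal is accepted."""
    if not candidate:
        return ["empty password"]
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    core = normalize(candidate)
    for label, value in (("login", login), ("first name", first_name)):
        ident = normalize(value)
        # Identifiers under 3 letters are skipped to avoid accidental matches.
        if len(ident) >= 3 and (ident in core or ident == core[::-1]):
            problems.append(f"derived from the {label}")
    if core in COMMON or candidate.casefold() in COMMON:
        problems.append("common password")
    return problems


if __name__ == "__main__":
    # Constructed proposals for a hypothetical user "llevier" / "Laurent".
    for proposal in ["", "L4urent2024!", "P@ssw0rd1", "copper-lantern-orbit-58"]:
        print(repr(proposal), check_password(proposal, "llevier", "Laurent"))
```
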
Another solution, downstream, is to verify the quality of the chosen password. Unfortunately, this solution poses a problem because the cryptographic algorithm used to store the password is not reversible. Indeed, the algorithm does not allow the hash to...
This article is included in
Security of information systems
Security Audit
Bibliography
(1) MUJTABA (H.) - NVIDIA Pascal GP100 GPU Benchmarks Unveiled – Tesla P100 Is The Fastest Graphics Card Ever Created For Hyperscale Computing. Wccftech (2016). http://wccftech.com/nvidia-gp100-gpu-tesla-p100-benchmarks/
Also...
Software tools
Passmark – Videocard Benchmarks – Over 800,000 Video Cards Benchmarked
http://www.videocardbenchmark.net
Hashcat – Advanced password recovery
bcrypt
Websites
NVIDIA – GTX 1080 graphics card
http://www.nvidia.fr/graphics-cards/geforce/pascal/gtx-1080/
UBUNTU