Password Security and Hackers

This Ars Technica article about password security has numerous examples of leaked password hashes (essentially an encrypted version of your website password), both historical and recent; a good example would be the LinkedIn breach in June this year. In this article, the passwords and the hashes they generate are the information being organized.

In addition to storing the hash values and matching them to user accounts, online businesses need systems to manage the algorithm that encrypts users' passwords. The organization and retrieval of these values must be maintained 24/7; failure or inability to do so would result in inaccessible services and unhappy customers. For large companies such as LinkedIn, this amounts to millions of hashes (LinkedIn has more than 175 million users), yet speedy authentication is needed when a single user signs in. Physical servers are necessary to manage the data, and in turn, employees are hired to manage and maintain the software and servers. Companies dedicated to computer security need to track the actions of hackers, and if at all possible, stay ahead of them by designing and implementing more complex security methods. These can include additional authentication questions or 2-factor identification methods (e.g., OTP), which add security but also mean more information management systems.
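As an added illustration of the record-keeping described above (not code from the article or from any company named here), this Python example keeps one record per account that names the algorithm and its cost alongside the hash, so the algorithm can be managed over time. PBKDF2-HMAC-SHA256, the iteration counts, the record fields and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumed policy values for this example; not taken from the article.
CURRENT_ITERATIONS = 600_000
SALT_BYTES = 16


def make_record(password: str, iterations: int = CURRENT_ITERATIONS) -> dict:
    """Build the per-account record: algorithm, cost, salt and derived hash."""
    salt = os.urandom(SALT_BYTES)  # unique per account, stored next to the hash
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"alg": "pbkdf2-sha256", "iterations": iterations,
            "salt": salt.hex(), "hash": digest.hex()}


def verify(record: dict, password: str) -> bool:
    """Recompute the hash using the parameters stored in the record itself."""
    if record["alg"] != "pbkdf2-sha256":
        return False  # unknown algorithm: fail closed
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def login(store: dict, user: str, password: str) -> bool:
    """Authenticate one user; upgrade the stored record if its cost is outdated."""
    record = store.get(user)
    if record is None:
        make_record(password)  # spend similar work for unknown accounts
        return False
    if not verify(record, password):
        return False
    if record["iterations"] < CURRENT_ITERATIONS:
        # The plaintext is only available at login, so re-hash here.
        store[user] = make_record(password)
    return True


if __name__ == "__main__":
    # Constructed sample account stored under an old, low cost setting.
    store = {"alice": make_record("correct horse", iterations=1_000)}
    print(login(store, "alice", "wrong guess"), store["alice"]["iterations"])
    print(login(store, "alice", "correct horse"), store["alice"]["iterations"])
```

Because each record carries its own parameters, accounts created under an older setting keep working and are upgraded one at a time as their owners sign in.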

Individual end-users need to organize their own password information from each site on which they have an account, in order to access the provided services. Each user has their own personal system of organization, varying from easy-to-remember methods such as reusing passwords (which lessens security if a password used multiple times is compromised) or using simple ones, to more complex, third-party systems such as password manager software. In order to use 2-factor identification, users are required to obtain and update software on other devices such as a cell phone or a USB key.

Though their activities are often outside of the law, the hackers, operating both alone and in groups, also have massive amounts of information to manage. For them, the data requiring organization are the dictionaries and cracked password lists, which collectively allow hackers to ignore hashes that are easy to solve (i.e., direct pattern recognition) and concentrate on decrypting stronger passwords. An effective hacker would be aware of new leaked password hashes, and add to his or her collection with each successive breach. Hackers also have to manage their hardware and their password cracking algorithms (including widely available software), which can all be upgraded for faster computation.