15. October 2009 15:30
Strong passwords pose a challenge for web users. They need it to avoid hackers cracking it and then accessing and steaing their data. We at Finjan have covered this subject various times. Research shows that between 40 and 78 per cent of passwords are susceptible to dictionary attacks. Although not a magic bullet, a strong password does help users to remain safe.
It’s not only cybercrooks who want to crack passwords – employers and law enforcement can have legitimate reasons to do so. Elcomsoft is a manufacturer of state-of-the-art computer forensics tools in use by enterprises, law enforcement, military, and intelligence agencies.
They recently launched a new application, that updates its Distributed Password Recovery (DPR) technology with dictionary attacks and a password cache, allowing near-instant `recovery' of strong encryption keys.
What's fascinating about the password cache is that it automatically stores all discovered passwords, unlocking other documents protected with the same password, in real time.
The idea behind the enhanced DPR software is that it "will help forensics and government authorities to combat and prevent criminal activities by unlocking up to 40-50 per cent of protected documents in real time."
What it means is, that the software can significantly reduce the time required to access information protected with strong encryption algorithms and long, complex passwords. It attacks the weakest link, thus decreases time required to recover strong encryption algorithms.
What is the weakest link? According to Elcomsoft, computer users tend to use the same password to protect various types of information. By cleverly storing all passwords DPR discovers in a separate dictionary, it recovers other documents protected with the same password.
What we can learn from Elcomsoft is, that we need to have strong and unique passwords for each of our online accounts. And of course we need to be aware of any phishing attempt that entices us to submit our passwords!
Subscribe