Remember the “entire protection method” I mentioned in the previous chapter? If the vendor’s implementation has a single weak link (like, for example, using a strong encryption algorithm but only employing a single hash iteration to derive the encryption key from the user’s password), you may forget about secure passwords. Is there such a thing as secure password?
saved in your browser for faster access, and so can be easily obtained without the need to crack it. For example, if the entire protection method (which includes the encryption algorithm, the key derivation function and certain other things such as the use of salt) is strong and a properly strong password is selected, there may still be a chance that the same password is either re-used somewhere the protection is weaker, or that said password is stored somewhere, e.g. “Success rate” (if we can ever use this term) directly depends on the password length and complexity.Access to the data can be obtained regardless password length and complexity. You don’t need to actually break the password.How long does it take to crack the password? Cracking someone else’s data might be a criminal offence, but there is a huge gray area. In other words, cracking passwords is perfectly legal if you work with local data and the data is yours, or if you have the permission from the legal owner, or if you represent the law and follow the local regulations. Obviously, nobody can stop you from breaking your own password that you forgot however, if this password protect access to your data stored in some online service, it does not actually matter that the account is yours – you cannot legally break it. In general, passwords are used to restrict access to the data (and it is also important whose data it is, and who’s asking). There are a lot of vastly regulations in different countries some even make it illegal to hide the password from the authorities if they ask – like in France, the country of Liberté. There are those wearing tin foil hats, but there are a lot more people who can make a reasonable effort to secure their lives without going overboard. There are people who have “nothing to hide”. Making tools for breaking passwords, I am frequently asked whether it’s legal, or how it works, or what one can do to protect their password from being cracked.
0 kommentar(er)
