Is your password_safe_ss
-
Upload
jennifer-young-boyd -
Category
Documents
-
view
283 -
download
0
description
Transcript of Is your password_safe_ss
AgendaQuiz ResultsPlease Ask Questions AnytimeWhat is Encryption?What is a Password?Breaking PasswordsHow long to break passwords?Lesson from MistakesWhat can you do?
Password Quiz
Do you share passwords between accounts?60% of you share passwords
What is the length of your longest password?Average 11
Does your password have upper case, lower case, digits and symbols?20% have all four types
Where do you store your passwords?40% in head
What is Encryption?
Encryption ExampleI AM SPARTA
42 11 23 34 53 11 24 44 11
1 2 3 4 5
1 A B C D E
2 F G H I/J K
3 L M N O P
4 Q R S T U
5 V W X Y Z
Two way Encryption
Why Encrypt?
One way EncryptionI AM SPARTA
12 11 23 31 23 11 21 13 11
1 2 3
1 A/D/Q B/E/R C/S
2 F/I/J/V G/K/W H/X
3 L/O/T M/P/Y N/U/Z
What is a Password?
What is a Password?
Sample Password File
Username
Plain Password
Encrypted Password
Alan babygirl e5e9fa1ba31ecd1ae84f75caaa474f3a663f05f4
Becky monkey f5e9ft1bh3tecd1ae84f75caka567
Edna Lovely Klkj3563kjllyuai5678qprzbzz
Yan Password d1ae84f75cakKlkj3563e84f75caka474
Bill iloveyou ba31ecd1ae84f75cae84f75caka474
Breaking Passwords – Only Digits
1
10 x 10 x 10 = 1000
000, 001, 002, 003….999
How many combinations are there?
How many combinations are there?10 Digits
Length Combinations
2 100
3 1000
4 10,000
5 100,000
6 1 Million
7 10 Million
8 100 Million
Breaking Passwords – Upper Case Letters, Lower Case Letter, Digits & Symbols
1
Upper Case = 26Lower Case = 26Digits = 10Symbols = 34Total = 96
How many combinations are there?
1
96 = 9696 x 96 = 9,21696 x 96 x 96 = 884,736
How many combinations are there?
How many combinations are there?96 Characters - Mixed Alpha, Digits &
SymbolsLength Combinations
2 9,216
3 884,736
4 85 Million
5 8 Billion
6 782 Billion
7 75 Trillion
8 7.2 Quadrillion
13 58.8 Septillion
Zero’s Names
3 Thousand
6 Million
9 Billion
12 Trillion
15 Quadrillion
18 Quintillion
21 Sextillion
24 Septillion
Class A - Fast PC, Dual Processor PC
10,000,000 Passwords/sec
Class B – Workstation, Multiple PC’s
100,000,000 Passwords/sec
Class C – Supercomputer
1,000,000,000 Passwords/sec
How long to break passwords?10 Digits
Length Combinations Class A Class B Class C
2 100 Instant Instant Instant
3 1000 Instant Instant Instant
4 10,000 Instant Instant Instant
5 100,000 Instant Instant Instant
6 1 Million Instant Instant Instant
7 10 Million Instant Instant Instant
8 100 Million 10 secs Instant Instant
How long to break passwords?96 Characters - Mixed Alpha, Digits &
SymbolsLength Combinations Class A Class B Class C
2 9,216 Instant Instant Instant
3 884,736 Instant Instant Instant
4 85 Million 9 secs Instant Instant
5 8 Billion 14 mins 2 mins 8 secs
6 782 Billion 22 hrs 2 hrs 13 mins
7 75 Trillion 87 days 9 days 20 hrs
8 7.2 Quadrillion 23 yrs 3 yrs 84 days
13 58.8 Septillion 186M yrs
18.6M yrs
1.86 M yrs
Class Z – Wrench
How long to break passwords?
Lessons from Mistakes
A fool never learns from his mistakes. A smart man learns from his mistakes. A wise man learns from the mistakes of
others.
Rockyou.com rocked by SQL flaw
Rockyou.com rocked by SQL flaw
32 million accounts were stolen
Password Length DistributionMust be at least 550% less than 8.30% less than 7.
Character Type Distribution60% used single type & less than 4% used
symbols
Common Passwords20% used 5000 most popular passwords
Where do you store your passwords?
What can you do?
It should contain at least thirteen characters.
It should contain a mix of four different types of characters – upper case letters, lower case letters, digits, and symbols
It should not be a name, a slang word, or any word in the dictionary. It should not include any part of your name or your e-mail address
Use different passwords for all your accounts.
What can you do?
If all of this sounds too hard to remember, then consider using a Password program.
Most of the good password programs will not only store your passwords on your computer, but they’ll generate completely random passwords when you need one.
Here is one to try: http://passwordsafe.sourceforge.net/