We all know that using dictionary words for passwords is not smart and passwords using just dictionary words can be cracked in seconds. The most common passwords, no joke, are “password” and “1234.” Yes, people are that stupid.
Steve Gibson, the president of Gibson Research Corporation (GRC), recently talked on his show Security Now (on Leo Laporte’s TWiT Network) about a new tool he’s developed called Password Haystack.
The site states:
Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose, is discovered.
If every possible password is tried, sooner or later yours will be found.
The question is: Will that be too soon . . . or enough later?
This interactive brute force search space calculator allows you to experiment with password length and composition to develop an accurate and quantified sense for the safety of using passwords that can only be found through exhaustive search.
This is a great tool and because I can hear some of my paranoid friends crying foul, Steve is extremely trustworthy. To try out your password and see how hard it is to crack, you’re going to have to type it into the calculator.
This calculator is designed to help users understand how many passwords can be created from different combinations of character sets (lowercase only, mixed case, with or without digits and special characters, etc.) and password lengths. The calculator then puts the resulting large numbers (with lots of digits or large powers of ten) into a real world context of the time that would be required (assuming differing search speeds) to exhaustively search every password up through that length, assuming the use of the chosen alphabet.
Now if you’re smart, you should have multiple passwords for different accounts. Either way, Steve is not mining your passwords, nor will he have any idea what that “password” belongs to.
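The arithmetic described above can also be run locally. The following is an added example, not GRC's code: the class sizes (symbols counted as the 32 ASCII punctuation characters plus space) and the three attacker speeds are assumptions chosen for illustration.

```python
import string

# Assumption: symbols = 32 ASCII punctuation characters plus space (33 total);
# the page does not list the exact character sets.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}
# Assumed attacker speeds in guesses per second (illustrative, not from the page).
SPEEDS = {
    "online, throttled": 1e3,
    "offline, fast": 1e11,
    "offline, massive array": 1e14,
}


def alphabet_size(password):
    """Sum the sizes of every character class the password draws from."""
    seen = set(password)
    if not seen <= set().union(*CLASSES.values()):
        raise ValueError("character outside printable ASCII: not modelled here")
    return sum(len(chars) for chars in CLASSES.values() if chars & seen)


def search_space(alphabet, length):
    """Passwords of length 1..length over the alphabet: N + N^2 + ... + N^L."""
    return sum(alphabet ** i for i in range(1, length + 1))


def human_time(seconds):
    """Render a duration using the largest unit that fits."""
    for name, unit in (("centuries", 3.15576e9), ("years", 3.15576e7),
                       ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= unit:
            return f"{seconds / unit:,.2f} {name}"
    return f"{seconds:.6f} seconds"


def report(password):
    """Return (alphabet size, search space, {scenario: worst-case time})."""
    n = alphabet_size(password)
    space = search_space(n, len(password))
    return n, space, {k: human_time(space / v) for k, v in SPEEDS.items()}

if __name__ == "__main__":
    for sample in ("password", "D0g!!!!!!!!!"):  # constructed sample inputs
        print(sample, report(sample))
```

Note that "password" reports about 217 billion candidates even though a dictionary pass finds it immediately; the figures only describe passwords that survive the common-password and dictionary searches mentioned above.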
To listen to the excerpt from the Security Now podcast where Steve Gibson explains the Password Haystack Calculator click on one of these links:
- 37 minute, high-quality, 64kbps MP3 audio file, 17.9 MB
- 37 minute, lower-quality, 16kbps MP3 audio file, 4.47 MB