Dinarius = digital interest
13 December 2013

Cracking Passwords, briefly - one

Theory: Imagine being asked by a street performer to pick a card. Any card. Memorize it, then put it back in the deck of 52 cards. The street performer then shuffles and shuffles the cards and miraculously produces a card and asks if that was your card. It is! How’d they do that?

Parallel: Imagine being asked by a website to choose a password; a password with at least one number and one uppercase letter. You verify that password, then submit it. A page or two of code shuffles up that password and gibberish appears representing that password. An internet security specialist tests their password cracking software against that gibberish and miraculously produces your password! How’d they do that?

A password that appears as gibberish is called a hash – it’s not gibberish. It’s been shuffled and had extra stuff added to it, like putting that card back in the deck. Sometimes, the extra stuff added to it includes a little eight-character string called a Salt; so it’s then called a salted hash. Shuffling cards to produce a magic trick is actually a massive study in mathematics; the shuffling is nowhere near as random as it appears to be. This is why it’s the perfect example for hashing a password, or salting a hash.

What we know for sure is that a password MUST be 100% readable if it is ever supposed to be used to log someone in to a service. That means other software can read that password if it knows the hash type, whether a Salt has been used, and some other goodies. This isn’t cheating; the street performer knows you picked only ONE card and there are 52 cards in the deck – math does the rest.
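An added example, not from the original post: software that knows the hash type and the Salt checks a password by hashing a candidate the same way and comparing the results, which is also how an audit tests a stored hash against common passwords. PBKDF2-SHA256, the iteration count, the salts and the wordlist are assumptions constructed for illustration.

```python
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor; higher makes each guess slower


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored value from a password and its salt (PBKDF2-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def verify(candidate: str, salt: bytes, stored: bytes) -> bool:
    """Log-in check: re-hash the candidate with the same salt, compare in constant time."""
    return hmac.compare_digest(hash_password(candidate, salt), stored)


def audit(salt: bytes, stored: bytes, wordlist):
    """Return the first common password that matches the stored hash, else None."""
    for guess in wordlist:
        if verify(guess, salt, stored):
            return guess
    return None


# Constructed sample data: two eight-character salts and a tiny list of common choices.
SALT_A = b"k3Qz9wLp"
SALT_B = b"Tm4xR7vc"
COMMON = ["password", "letmein", "Password1", "qwerty"]

if __name__ == "__main__":
    # Same password, different salts: the stored values do not match each other.
    a = hash_password("Password1", SALT_A)
    b = hash_password("Password1", SALT_B)
    print("same password, different salt, same hash?", a == b)

    # "Password1" satisfies "one number and one uppercase letter" yet is found at once.
    print("audit of weak password:", audit(SALT_A, a, COMMON))

    # A long passphrase that is on no wordlist is not recovered by this check.
    strong = hash_password("correct horse battery staple 42X", SALT_A)
    print("audit of long passphrase:", audit(SALT_A, strong, COMMON))
```

The salt stops one precomputed table from working against every account, but it does not protect a password that is already on a guess list; length and a slow hash do that.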

Importance: These days, if something happens to keep someone offline permanently or for an extended period, their online presence lingers, making things uncomfortable for friends and family who can do nothing to update profiles or websites to reflect events or deliver a message to others on that person’s behalf. Often, an internet security specialist is the only one who can offer any kind of closure in the most extreme cases; it’s a niche service that the always-on Internet has created.
