How passwords *REALLY* work!
She CLAIMED that computers are so fast today that they can crack entered passwords in less than an hour. And she claims we MUST go to biometrics! ***************WRONG****************!
1. Password cracking does NOT work like in Terminator, etc.
2. There are strategies in place to FRUSTRATE it!
3. ONE feature in UNIX that MIGHT allow the technique she mentioned existed for over a decade. The problem? It was removed about 30+ ******YEARS******* ago!
OK, FIRST, she claims a computer that could try a trillion passwords a second could crack a 1 trillion potential combo in a second. *******WRONG******* WHY?
You NEED the hash, as was present in UNIX over 30 years ago, to test the password! If you don't have that, you must REALLY TRY it! That means trying out MAYBE 1 password a second! OK, the 1 second success now could take as long as 31709 YEARS!
SECOND, many systems today allow limited attempts! At the company I was just at, they allow TWO failures! Fail three times, and NO password will work!
THIRD, there is often some other gadget! One place I was at required a special cert. The last place, if logging on remotely, had an RSA fob. That meant you had to enter ANOTHER special password and a 6-digit number that was only valid for a minute! After a minute, the number was no good anymore. At one company, I set up modems to not respond unless a special string was typed in.
SO, she WAS right IF you had the hash! If you DIDN'T have the hash (and you usually DON'T), FORGET IT!
So HOW do people break in? Well, my account HERE was "hacked" a while ago. It was a LOW security password I used elsewhere, has been used on other systems, and this site allows you to keep trying! In the over 30 years I have used passwords, it was the FIRST one cracked! There is also sniffing, viruses, keyloggers, and trojans.
As for biometrics? They are *****FAR****** from accurate. They HAVE to be! Take fingerprints. Dirt, cuts, abrasions could interfere. Besides, fingerprints aren't taken the exact same way each time. AFIS is a "fingerprint matching system". It is INCREDIBLY fast! HOW? Let me tell you a secret! It does NOT match fingerprints! The fingerprints are broken into groups, and each is numbered. It uses THAT to find candidates. Eventually, a PERSON compares the fingerprints to see how close they are. So there is tolerance built into the system, and the result amounts to a password that might be like 10-20 low digits. Frankly, the RSA system is likely more secure.
In Wikipedia...
Fingerprint matching has an enormous computational burden. Some larger AFIS vendors deploy custom hardware while others use software to attain matching speed and throughput. In general, it is desirable to have, at the least, a two stage search. The first stage will generally make use of global fingerprint characteristics while the second stage is the minutia matcher. In any case, the search systems return results with some numerical measure of the probability of a match (a "score"). In tenprint searching, using a "search threshold" parameter to increase accuracy, there should seldom be more than a single candidate unless there are multiple records from the same candidate in the database. Many systems use a broader search in order to reduce the number of missed identifications, and these searches can return from one to ten possible matches. Latent to tenprint searching will frequently return many (often fifty or more) candidates because of limited and poor quality input data. The confirmation of system suggested candidates is usually performed by a technician in forensic systems. In recent years, though, "lights-out" or "auto-confirm" algorithms produce "identified" or "non-identified" responses without a human operator looking at the prints, provided the matching score is high enough. "Lights-out" or "auto-confirm" is often used in civil identification systems, and is increasingly used in criminal identification systems as well.
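An added example (not part of the original post): a minimal sketch of the two points argued above, that exhausting a keyspace at one guess a second takes thousands of years, and that a three-failure lockout caps online guessing no matter how fast the client is. The `LoginService` class, its method names, the sample account and the PBKDF2 iteration count are assumptions chosen for the demo.

```python
import hashlib
import hmac
import os

SECONDS_PER_YEAR = 365 * 24 * 3600

def worst_case_years(keyspace, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return keyspace / guesses_per_second / SECONDS_PER_YEAR

class LoginService:
    """Keeps only salted, slow hashes and locks an account after repeated failures."""

    def __init__(self, max_failures=3, iterations=10_000):
        self.max_failures = max_failures
        self.iterations = iterations      # demo value, kept low so the example runs fast
        self._accounts = {}               # user -> [salt, stored_hash, failure_count]

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def register(self, user, password):
        salt = os.urandom(16)
        self._accounts[user] = [salt, self._hash(password, salt), 0]

    def login(self, user, password):
        record = self._accounts.get(user)
        if record is None:
            return "denied"
        salt, stored, failures = record
        if failures >= self.max_failures:
            return "locked"               # even the correct password is refused now
        if hmac.compare_digest(self._hash(password, salt), stored):
            record[2] = 0                 # success resets the failure counter
            return "ok"
        record[2] = failures + 1
        return "locked" if record[2] >= self.max_failures else "denied"

def attempts_before_lockout(service, user, candidates):
    """How many candidate passwords the service evaluates before it stops listening."""
    tried = 0
    for candidate in candidates:
        tried += 1
        if service.login(user, candidate) in ("ok", "locked"):
            break
    return tried

if __name__ == "__main__":
    print(worst_case_years(10**12, 10**12))   # with the hash: about one second
    print(int(worst_case_years(10**12, 1)))   # through the login prompt, 1 guess/s
```

The lockout counter lives on the server, so it holds regardless of client speed; it does nothing once the stored hashes themselves have leaked, which is the case the post distinguishes.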