You gotta start scratching your head a bit when the Dept. of Defense gets its Twitter account hacked and issues an internal directive to change social networking passwords.
Not obvious to me why the DOD even has a Twitter account, and laughably frightening that they didn’t already have a policy for frequent password changes.
The fiasco reminded me of a competition to see how long it would take uber-hackers to crack 15,000 15-character passwords
Let’s pretend that that your passwords are 16-characters long – a mix of capital and lower case letters, numbers and special characters.
Here’s how long it takes to crack them …
According to the Daily Mail, given a 1 –hour time limit, a team of hackers cracked more than 14,800 cryptographically hashed passwords – from a list of 16,449 – as part of a hacking experiment for tech website Ars Technica.
That’s a 90% success rate … almost 250 passwords per minute … about 1/4th of a second per password.
How did they do it?
A mixture of brute-force attempts, wordlists, statistically generated guesses using Markov chains, and other rules to turn a list of hashed passwords into plain text.
The brute force part was accomplished using a 25-computer cluster that can cracks passwords by making 350 billion guesses per second.
For tech details, see the the Daily Mail article.
The process and capabilities are fascinating … and mucho scary.
How many of us have a 16-character passwords?
If the over-under is 1, I’m betting the under.