Thursday , 17 April 2014
Technology News
Home / Reviews / Weakness of Password Hashing Security

Weakness of Password Hashing Security

About Author – This article is provided by HirePulse, the website for you if you are a contractor or consultant, or simply looking to hire one, here writing about Weakness of Password Hashing Security.

Previously, when various new hashing technologies were announced claims were made regarding the strength of them.

“It would take a supercomputer over a million years to decrypt a password of these rules and hashing function”

Would be a typical quote of a software salesman to pitch how excellent their product’s security is. The problem today is that this is no longer true.

 

Password Brute-forcing Attacks

There have been a number of sophisticated developments in password brute-forcing attacks, and many of them now exist in the hands of everyday consumers. Previously, brute-force attacks on strong password hashes were restricted to highly specialized cards with various cryptanalysis chips attacked in arrays, designed to break strong passwords in relatively short amounts of time. These devices were expensive and handcrafted by teams of experts.

Today, people have this power in their own computer. Most good graphics cards contain a GPU that is capable of sending many billions of attacks per second against a password hash. These are far beyond the capabilities of even the best CPUs on the market, as the onboard operations of the GPU are far better suited to the repetitive calculations required to process a brute force attack.

 

The Weakness of Password Hashing Security

There are also readily available and pre-made attack methodologies that can be readily downloaded from the internet, in the form of rainbow tables and the like.

 

What does Weakness Password Hashing Security means

1) Well, firstly it is more important than ever to limit physical access to the computers and servers that you own. This has always been one of the easiest methods of attack.

2) The second consideration is how important it now is to DIVERSIFY your passwords. There is a massively increased threat if a website owner, employee, or someone who has gained access to a site’s database and especially their password hash tables. A person with your password hash would often have great difficulty finding out what the actual password was if it was reasonably strong.

3) Nowadays, even the strongest passwords can be quite easily broken so if you are using the same password across multiple sites then the risk of serious personal loss increases dramatically. A hacker who knows your password to one site will undoubtedly then be able to access your emails, bank accounts, online shopping accounts, credit card information and the list goes on.

 

Holes In The More Common Password Hashing Algorithms Are Being Fixed

To conclude, holes in the more common password hashing algorithms are being fixed, but gone was the smug certainty on the impossibility of brute-forcing good passwords sent via the various 128-bit algorithms. Weaknesses in the algorithm, combined with massive boosts in processing power to the consumer (via the GPU), has enabled a potential legion of hackers willing to exploit the common user error of password recycling.

About Sandeep Kale

Sandeep Kale, Founder and chief editor of Tricks Window. He is a Software Engineer and a self developed blogger and designer behind Tricks Window. He lives in Pune, India. If you like This post, you can follow Tips And Tricks Window on Twitter OR Subscribe to Tricks Window feed via RSS OR EMAIL to receive instant updates.

2 comments

  1. I always suggest to use mixture of characters and numbers in the password.

    Great article.

  2. Sometimes back I got my gmail and paypal acc hacked via Password Brute-forcing Attacks.. Thanks for sharing such info with us.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>