Thursday, February 14, 2013

The story of a "strong" password: How exactly is a strong password "unhackable"?

This might as well be the least asked question, but we all still do it! We all prefer keeping long and complicated passwords with digits, symbols, punctuation etc., knowing only a plain reason that not many understand (but still know): "It makes the password STRONGER!" Ever wondered how a password can be STRONG? If not, there's no need to, because the answer lies below...

What does a strong password mean?
Well, technically even a nine-year-old can give this answer: a strong password is difficult to guess, hack, decode, decrypt and other geeky shit!
The answer is pretty correct! There's nothing more to add to it! And having such a password is very likely to enhance the security of your account!

So how come it's so difficult to hack a 'strong' password?
Before you start reading this section, make sure you know a teeny-weeny bit about encryption. If you don't, just scroll through a recent mini article that I've written on the basics.

So here's the thing. Hackers usually approach a password by guessing it (it rarely works). With such a complicated password there is an absolute zero chance of merely guessing it in your head. So the next thing they do is intrude into the servers of the very website holding your account and try to find your password there (because they are 100% sure it's in there). But even in the servers, the passwords of all the users go through some whacky encryption before they reach their spot!

And as you know about encryption algorithms, they ain't pieces of cake either! Most websites nowadays use an algorithm like MD5, which is well known as "the one-way encryption". Heck yeah! You can encrypt something to MD5 easily, but decryption can only be done by the almighty creator of mankind! (That means it cannot be decrypted directly.) Some chaps might be laughing because I mentioned brute-force guessing in some previous articles, but that can take CENTURIES to decrypt an MD5 key. That is because any MD5 key needs a "match" or a "reference", and the website gets its reference key when the user enters the password during login. A strong password has infinite possibilities, and there are no references even in the website's server.

And that is the reason you should not keep a single-word or phrase password like "Hello": this is an easy word, and the hacker can approach the MD5 key by simply matching it against a list of common dictionary words, which are easily available even on the internet! This means 'Hello123' is many times stronger than 'Hello'. As seen clearly, a simple word list cannot solve a complicated password, and creating a word list with every possible combination and length of letters, symbols and numbers is next to impossible even if done by a computer (a normal one). For that we'd need a huge "supercomputer" (like TRANSLTR in Dan Brown's novel Digital Fortress), which would take another billion dollars to build. Such word lists with all possible combinations of a certain set of characters are called "Rainbow Tables". Rainbow tables with all combinations can only be achieved by some supercool organizations like the CIA, FBI or something! You might find some results by Googling "rainbow tables"; most are fake and the others are limited. Such tables cost millions of dollars and can never be open source...
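To put numbers on the "every possible combination" argument above, here is an added example (not from the original post) that counts the candidates an exhaustive list would have to contain for a password's length and character classes, and converts that to time at an assumed guessing rate. The rate and the sample passwords are constructed for illustration; the estimate assumes the attacker knows which character classes were used.

```python
import string

# Character classes a password may draw from; the estimate assumes an attacker
# who knows which classes were used and must try every string of that length.
CLASSES = (
    string.ascii_lowercase,   # 26
    string.ascii_uppercase,   # 26
    string.digits,            # 10
    string.punctuation,       # 32
)

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password: str) -> int:
    """Total size of the character classes the password actually uses."""
    return sum(len(chars) for chars in CLASSES
               if any(c in chars for c in password))


def keyspace(password: str) -> int:
    """Candidates an exhaustive 'every combination' list must contain:
    charset_size ** length, e.g. 52**5 for 'Hello', 62**8 for 'Hello123'."""
    return charset_size(password) ** len(password)


def years_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to enumerate the whole keyspace at the given rate
    (the rate is an assumed parameter, not a measurement)."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_YEAR


def strength_ratio(weak: str, strong: str) -> float:
    """How many times larger the search space for `strong` is than for `weak`."""
    return keyspace(strong) / keyspace(weak)


if __name__ == "__main__":
    rate = 1e9  # assumed: one billion guesses per second
    for pw in ("Hello", "Hello123", "Kq7#mZ2!pW9$"):  # constructed samples
        print(f"{pw!r:16} charset={charset_size(pw):3} "
              f"keyspace={keyspace(pw):.3e} "
              f"years@{rate:.0e}/s={years_to_exhaust(pw, rate):.3g}")
    print(f"'Hello123' vs 'Hello': {strength_ratio('Hello', 'Hello123'):.0f}x larger")
```

The output shows that adding three digits to 'Hello' multiplies the search space by roughly 574,000, while a 12-character password over all four classes would take millions of years to exhaust at the assumed rate.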

However strong the password is, cheap tricks like extortion, phishing and keystroke logging still prevail. I've got some tips for that:
1. Change your password if you have logged in at a friend's house or at an internet center, once you're back on your home computer.
2. Never trust pages that ask for your Facebook/Google/other password. If they do, make sure that there is 'https://' in that site's address.

That'll be it!

1 comment:

  1. I agree that passwords are considered to be one of the most secure forms of safeguarding information. People used to have long and alphanumeric passwords which they think are stronger. I am convinced by all the tips listed and do remember them.
    digital signature FAQ