Solved

How secure is a password containing two repeated 7-digit numbers with a letter in between?

Posted on 2006-07-02
Last Modified: 2011-04-14
How secure is a password containing two repeated 7-digit numbers with a letter in between? Example: 6095283r6095283.
0
Question by:brokenlove
17 Comments
 
LVL 14

Assisted Solution

by:FriarTuk
FriarTuk earned 50 total points
ID: 17027126
if it finds the hash for either side (ie the #'s), then the other side will be instant & 1 letter is easy

a good pswd should be 8 digits or more
has combo of letters (upper & lower), numbers, & special characters (without any known words in a dictionary - nor names or personally related #'s like phone, addr, etc)

ex:  iculo0kn@mE2
0
 
LVL 79

Assisted Solution

by:lrmoore
lrmoore earned 100 total points
ID: 17027374
According to "experts" there is no correlation between complexity and difficulty to break. The *only* relative criteria is password length.
Example:
"My mother was born in March"  <== yes spaces can be used in a passphrase
With 27 characters is much more difficult to break than any 15-digit password regardless of complexity or combinations of digits, numbers, letters, capitals, or other
Myg00DPa$$w0rD at 14 characters with combinations of lower case, upper case, numbers and other ($$) is more likely to be cracked than a 16 letter passphrase that is easy to remember.
 
0
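The keyspace arithmetic behind the two answers above (the repeated-halves remark about 6095283r6095283 and the length comparison), as an added example that is not part of any poster's comment. The function names are constructed here, the symbol count assumes printable ASCII, and the naive figure is a per-character upper bound that ignores dictionary words.

```python
import math
import string

# Character classes for the naive, structure-blind estimate.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
ALNUM = "".join(CLASSES)
SYMBOLS = 33  # assumption: remaining printable ASCII (95 - 62), space included


def charset_size(pw):
    """Size of the union of character classes that pw draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    if any(ch not in ALNUM for ch in pw):
        size += SYMBOLS
    return size


def naive_bits(pw):
    """log2 of the search space if every position were independent."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0


def repeated_halves(pw):
    """Return (half, separator) when pw is X + sep + X, else None."""
    mid = len(pw) // 2
    sep = pw[mid] if len(pw) % 2 else ""
    if mid and pw[:mid] == pw[mid + len(sep):]:
        return pw[:mid], sep
    return None


def structure_aware_bits(pw):
    """log2 of the search space for a guesser that tries X + sep + X."""
    hit = repeated_halves(pw)
    if hit is None:
        return naive_bits(pw)
    half, sep = hit
    # Only one half and the separator are independent choices.
    return naive_bits(half) + naive_bits(sep)


if __name__ == "__main__":
    # Passwords quoted in the thread above.
    for pw in ("6095283r6095283", "Myg00DPa$$w0rD",
               "My mother was born in March"):
        print(f"{pw!r}: len={len(pw)} naive={naive_bits(pw):.1f} bits "
              f"pattern-aware={structure_aware_bits(pw):.1f} bits")
```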
 
LVL 12

Assisted Solution

by:public
public earned 50 total points
ID: 17028123
>According to "experts" there is no correlation between complexity and difficulty to break.

Maybe if an algorithmic method is used. On the other hand the passphrase may be broken quickly using social engineering methods if you have used a similar strategy before.
0
 
LVL 15

Assisted Solution

by:Ryan_R
Ryan_R earned 100 total points
ID: 17028152
if you use an 8 character password that's not a dictionary word (has letters and numbers and characters) it will take approx 59 years for a pc to figure it out (year 11 exam knowledge here)

i doubt that the password is secure now that we've all seen it     ;-)

also make sure that you can remember it
0
 
LVL 10

Assisted Solution

by:fm250
fm250 earned 50 total points
ID: 17028264
It also depends on your OS, so if you have linux box only first 8 chars are used in the password, the rest are ignored.
- The best practice however is to have a mix of letters and numbers and special characters and easy for the user to remember for example: Fr33b1rd = free bird.
- make sure that you train your users not to send their password through emails or post them to their screens.
- always monitor security logs and services
- don't allow weak passwords, remember that hackers start from nothing then using any user account, then get to admin or root user

- always update your software and services, since most hackers don't actually run password crackers for years, but instead use flaws and bugs to get to admin account easily.


hope this helps!
0
 
LVL 23

Assisted Solution

by:Erik Bjers
Erik Bjers earned 50 total points
ID: 17028642
It's been said, but I'm going to say it again... a password with a repeated 7 digits with a letter between is not secure.

I also agree that a combo of at least 3 of the character types (CAPITAL, lowercase, numbers 1234..., special chars !@#$%^&...) is important.  Also avoid dictionary words or phrases as these are easier to crack.  Replace letters with other characters like: a=@ or &, e= 3, c=(, i = ! or 1 and so on.  This makes passwords easier to remember but harder to crack.  Also come up with your own letter - char combos, and don't replace every letter with a char (if you have 2 a only replace one of them).

All this will give you a secure password.

ex: P&$$uu0rD is a strong password (I wouldn't use it... but gives you some ideas on char replacement)

eb
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 17028671
a rainbow will have the 7 numbers hashed, indeed which will make finding the hash of the whole thing (15 characters) a breeze.  What is cool though is all the wasted time trying 9 digits, then 10 then 11, 12,13,14...
on my cracker (dual P4 2.8) that would add about 2 days.
0
 
LVL 44

Assisted Solution

by:scrathcyboy
scrathcyboy earned 50 total points
ID: 17028800
If you added 2 more letters and two capital letters into that mainly number string, your password would count as MAXIMUM encryption security on the Microsoft scale of login password security.  As it is now, with only one letter in lower case, it only qualifies for "low" strength encryption.  Two more lower case, makes it "medium", and add 2-3 upper case letters, and it now makes "maximum" strength encryption.
0

 
LVL 44

Expert Comment

by:scrathcyboy
ID: 17028808
OH and BTW, sorry to disagree with you all above, but MS has debugged the most secure passwords, and they include a serious number of upper and lower case letters in addition to numbers, so all the comments above, about password length is the "only" consideration, to "it doesn't matter", sorry to say you are all wrong, even lrmoore -- according to Microsoft.  And after all, MS is right, so how can we mere contributors question what Microsoft has delivered to us ?
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17028809
I would only use the string of numbers once, or at least reverse the second string.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 17028821
Agree with scrathcyboy, length is not the only important factor; use of complexity is very important.

eb
0
 

Accepted Solution

by:
stalkerz earned 50 total points
ID: 17029751
Having a password that is long and complex is the best option. A brute force password cracker will always start testing passwords with say: AAAAA then AAAAB, AAAAC and so forth till it runs through the alphabet, numbers etc.
So say it takes 5 hours to get to APPPP when brute forcing, then it would take much longer to get to AZZZZ, right?
From this I would say a good rule of thumb is, when using letters, to try to use ones that are near the end of the alphabet; this will increase the time it takes to brute force your password.
0
 
LVL 18

Expert Comment

by:carl_legere
ID: 17030177
interesting that the definitive source of authority on passwords, according to Scrathcyboy is.. ah hem Microsoft?
0
 
LVL 5

Expert Comment

by:NAORC
ID: 17030804
http://www.securitystats.com/tools/password.php

use this tool to check the strengths of your password.
0
 
LVL 10

Expert Comment

by:fm250
ID: 17031894
Don't use the above link provided by NAORC for a real password though. You may be at risk if somebody is capturing the packets. Use it for test and read the rest of the page, the DO’S and DONT’S. It gives you the guidelines.
0
 
LVL 44

Expert Comment

by:scrathcyboy
ID: 17033003
you are appreciating my dry sense of humour, Carl :)
0
 
LVL 15

Expert Comment

by:Ryan_R
ID: 17046868
on behalf of everyone who is sleeping on the other side of the world right now (or at least should be sleeping) thanks for the points
0
