[virusinfo] Password length, key to security - 6-07-05

  • From: "Mike" <mikebike@xxxxxxxxx>
  • To: virusinfo@xxxxxxxxxxxxx
  • Date: Tue, 07 Jun 2005 09:08:17 -0700


From: Panda Oxygen3:

"A weak man has doubts before a decision,
                  a strong man has them afterwards."
         Karl Kraus (1874-1936), Austrian author and journalist 

             - Password length, key to security -
   Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, June 7, 2005 - The passwords used to validate users in different
systems must be set with great care: if a password is not well constructed
(what is normally referred to as a weak password), it can be easily
guessed.

One of the key considerations when defining a password is the length. The
longer the password, the more difficult it will be for an attacker to guess
it. An alphanumeric password that was only three characters long would
therefore be very easy to guess, as an attacker would only need to try a
very limited number of combinations, around 50,000.

However, to guess a password that is eight characters long and includes
both letters and numbers, an attacker would have to try billions and
billions of different combinations, which would most probably cause the
attacker to give up.

In spite of this, incredibly weak passwords are still being used every day
in critical validation systems. For example, PINs (Personal Identification
Numbers) used to access automated teller machines are usually restricted
to 4 numbers, limiting the number of unique PINs to 10,000. The same
happens in cell phone systems, which are usually secured with short PINs,
also four digits long.

This problem is demonstrated by the case of Bluetooth devices. According to
Yaniv Shaked, of the School of Electronic Engineering at Tel Aviv
University, an attacker could interfere with the connection between two
Bluetooth devices and guess a four-digit PIN in somewhere between 3 tenths
of a second and 6 hundredths of a second.

This study, which will be presented at MobiSys, to be held in Seattle from
June 6 to 8, shows the high risk of Bluetooth devices due to their lack of
security, including badly constructed passwords. This study is available
at: http://www.usenix.org/events/mobisys05/tech/shaked.html.

NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------ 

The 5 viruses most frequently detected by Panda ActiveScan, Panda
Software's free online scanner: 
1)Qhost.gen; 2)Netsky.P; 3)Mhtredir.gen; 4)Sdbot.ftp; 5)Shinwow.E.

------------------------------------------------------------
To contact Panda Software, please visit:
http://www.pandasoftware.com/about/contact/
------------------------------------------------------------

*********** MIKE'S REPLY SEPARATOR  ***********
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member 
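
The keyspace arithmetic behind the newsletter's figures, as an added example that is not part of the original post or of Panda's text. It assumes a 36-symbol alphabet (case-insensitive letters plus digits, which matches the "around 50,000" figure) and a guess rate chosen so that all 10,000 four-digit PINs fit in the 0.3 second figure quoted above; both are assumptions for illustration.

```python
import math
import string

ALNUM = len(string.ascii_lowercase + string.digits)  # 36 symbols (assumed alphabet)
DIGITS = len(string.digits)                          # 10 symbols, as in a PIN

# Assumed guess rate (not stated in the newsletter): fast enough to try
# every four-digit PIN within the 0.3 s figure quoted above.
ASSUMED_GUESSES_PER_SECOND = 10_000 / 0.3
SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size, length, exact_length=True):
    """Count the candidates an exhaustive search has to cover."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length 1")
    if exact_length:
        return alphabet_size ** length
    # Length unknown to the guesser: every length from 1 up to `length`.
    return sum(alphabet_size ** n for n in range(1, length + 1))


def seconds_to_exhaust(alphabet_size, length, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case time to try every password of exactly `length`."""
    return keyspace(alphabet_size, length) / rate


def min_length(alphabet_size, target_seconds, rate=ASSUMED_GUESSES_PER_SECOND):
    """Shortest length whose full keyspace takes at least `target_seconds`."""
    if alphabet_size < 2:
        raise ValueError("need at least 2 symbols")
    needed = math.ceil(target_seconds * rate)  # guesses to outlast
    length = 1
    while alphabet_size ** length < needed:    # exact integer comparison
        length += 1
    return length


if __name__ == "__main__":
    for name, size, length in [("3-char alphanumeric", ALNUM, 3),
                               ("4-digit PIN", DIGITS, 4),
                               ("8-char alphanumeric", ALNUM, 8)]:
        print(f"{name:20} {keyspace(size, length):>16,} candidates, "
              f"{seconds_to_exhaust(size, length):,.1f} s worst case")
    print("digits needed to outlast one year:",
          min_length(DIGITS, SECONDS_PER_YEAR))
    print("alphanumeric characters needed to outlast one year:",
          min_length(ALNUM, SECONDS_PER_YEAR))
```

At the assumed rate, a digits-only secret needs 13 characters to match what 8 alphanumeric characters provide, which is why alphabet size matters alongside length.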


