Join Lisa Bock for an in-depth discussion in this video Solution: Password strength tests, part of Essentials of Cryptography and Network Security.
- View Offline
(musical tones) - Welcome back, well, how did you do? Were you surprised at how weak some of those passwords were? Let's just take a look, I'll put in a couple that we added on the list. Now first of all, notice that I unchecked Hide, so I can see the passwords, and I'll put the first one in, 123456. Well, we see the complexity is Very Weak, well, we know that, but down below, I'll scroll down, and we can see that we added a little bit because of the number of characters, but you can see the deductions showing that there really is a lot of problems with this.
There's only numbers, they're not uppercase or lowercase, and also, you see that consecutive numbers isn't really good either. So, let's go and do another one. I'll take this off, and let's type password. Alright great, look, we doubled our score, but why? Well, first of all you see that password had a couple of additional characters, so that addition added a couple of points. It showed there were other weaknesses though, only letters, not uppercase, lowercase, no numbers, we could do better.
Let's just do one more from that list, I'll take this off, and we'll try qwerty. Alright, 8%, and as you can see, this is about the same. We still don't see enough characters, also, there are only letters, and there are no numbers or uppercase. Could we do better? I think so. Let's just take a look at an example of how complexity adds strength. Now I'm gonna show you a password, I'm gonna just take this off, and I'm gonna type marley.
Alright, we see that it is an 8%, very weak, it is a word possibly that I might use, but can I do better? Let's add some more complexity. What I put in there was MarleytheDog4me#! Wow, we have a result of 100%. As you see, it is Very Strong, but let's take a look down below, we see a lot of characters, there were not many deductions, so in general, that was a nice, strong password.
Now, let's take a look and compare when we're looking at simple passwords and what happens. I'm gonna go to this hash creator, and I'm gonna create a hash using that password that we started out with, marley. Alright, now here is the result of the hash, now I'm gonna copy this, now we're gonna see the strength of this. I'm gonna go to Hash Killer, and I'm gonna show you what happens when I put this hash in, and ask for it to break the hash.
Down below, I have to do a captcha. Well, we could see that it was able to crack the hash fairly quickly. As you can see, there is my password on the right-hand side, marley. Well, could we do better? Yes. Now, we're gonna go back in and we're going to put in the more complex password, MarleytheDog4me#!, and as you see, I have a # and an !, now let's do a hash. And I'm gonna take this hash, we're gonna copy it, and now we'll go back over to the hash decrypter, and put it in here.
And we have to go back over, and put in our captcha again. I hit Enter for Submit, and we wait just a few seconds, as you can see, this password was not found. Failed to find any hashes, that's great. So, as you can see, length and complexity really add to the strength of a password. I hope you enjoyed this challenge.
- Understanding why encryption is necessary
- Comparing passive and active network attacks
- Reviewing the terminology and history of cryptography
- Using symmetric encryption
- Dissecting block and stream ciphers
- Dissecting the public-key algorithms
- Creating key pairs
- Understanding passwords, hash, salt, and rainbow tables
- Exploring Secure Sockets Layer
- Investigating email and IP security