Skip to main content


Showing posts from 2019

Security by Incompetence: Why your password isn't the problem

User error may be the most common reason people get hacked, but there are many more factors at play. Many security experts claim that user error is the most common way people get their accounts compromised. This has been a common stance on security, and is entirely correct - a weak password will ruin your day as soon as someone decides they're interested in you, at least, enough to let one of their computers sit for a few hours guessing the passwords you thought were secure.

For example, the rules of secure passwords are generally considered to be:
A good password is 8 characters or longerA good password should use both uppercase and lowercaseA good password should use letters, numbers, and symbolsA good password should not contain an English word or phraseA good password should not be your username, or any public information about you  According to these rules, we can look at some of the common ways people write passwords, and see how secure they are. Many "secure" pass…

Hashes and passwords: Not quite as oversimplified

An overly technical brief introduction to hashing and passwords
I've been spending too much time on HackForums lately (and it hasn't even been a full day), explaining stuff like zero-days, hash-cracking, anonymity and secure deletion, wireless hacking, and reverse engineering. One recurring theme I've already seen is relating to password hashes and what they are.

People often think of hashes in the same terms that they think of encryption - encryption takes data and makes it unreadable, and hashes do much the same. The problem is that although they operate in much the same way and do, for the most part, the same thing at the overview level, they're 2 entirely separate things.

What are hashes? To understand what we're really saying when we say "crack a hash" you need to understand what they are, and what the differences are between hashing and encrypting information.

Encryption is meant to hide data from anyone without knowledge of some secret value (aka …