Wednesday, January 4, 2012

Does the leaked Stratfor password list speak positively for security awareness?

About 10%, or 81,000, of the passwords from the leaked Stratfor password list were cracked in five hours using a simple password cracker and a desktop computer, as reported by the Tech Herald (Report: Analysis of the Stratfor Password List by Steve Ragan, Jan 2 2012). The simple fact is that the password holds the key to the vault, and a strong, secure password is the foundation of a secure system. A strong password is a function of an individual's security awareness and psyche, since it is difficult to create and remember multiple passwords.

A positive aspect is that 90% of the passwords were not broken in under 5 hours. These will eventually be broken because of the way the passwords were stored (as plain hashes, not salted or further encrypted, for the more technically inclined). From a technical perspective that is a crucial flaw, but from a security awareness perspective individuals seem to have done a fairly good job of password creation. The fully decoded password list will tell the real story, and we will soon know whether my deduction was correct.
The passwords that were cracked varied in length from 6 to 23 characters, were alphanumeric, and suffered from the following flaws:
  • Used common words and phrases
  • Used names of teams, words from religious texts, computer phrases, and so forth
  • Used common names
  • Used passwords from lists available from previous breaches
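The following Python check is an added illustration, not part of the original post, of the two points above: a screen for the listed password flaws, and why storing a plain unsalted hash lets the remaining 90% fall eventually. The word, name and breach lists are constructed stand-ins, and SHA-256 is used only because the post does not name the hash algorithm Stratfor used.

```python
import hashlib
import hmac
import os
import re

# Constructed stand-ins for the dictionaries a cracker would use against the
# flaw categories listed in the post (a real audit would load full wordlists).
COMMON_WORDS = {"password", "welcome", "letmein", "summer",   # common words/phrases
                "cowboys", "jesus", "admin", "root"}          # teams, religion, computer terms
COMMON_NAMES = {"michael", "jennifer", "david", "sarah"}
PREVIOUS_BREACH = {"rockyou", "ilovey0u", "trustno1"}          # leaked in earlier dumps

def weakness_flags(password):
    """Return which of the post's flaw categories a candidate password exhibits."""
    # Strip digits/punctuation so 'summer2011' or 'jesus!' still matches its core word.
    core = re.sub(r"[^a-z]", "", password.lower())
    flags = []
    if password.lower() in PREVIOUS_BREACH:
        flags.append("in previous breach list")
    if core in COMMON_WORDS:
        flags.append("common word or phrase")
    if core in COMMON_NAMES:
        flags.append("common name")
    if len(password) < 8:
        flags.append("shorter than 8 characters")
    return flags

def plain_hash(password):
    """Storage as in the leak: one deterministic digest, no salt. Every user with
    the same password gets the same stored value, so one precomputed table of
    common-word digests unlocks all of them at once."""
    return hashlib.sha256(password.encode()).hexdigest()

def salted_hash(password, salt=None, rounds=100_000):
    """Defensive storage: per-user random salt plus an iterated KDF (PBKDF2),
    so identical passwords produce different values and each guess is slow."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def verify(password, salt, digest, rounds=100_000):
    """Constant-time comparison of a login attempt against a salted record."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, digest)

def same_stored_value(password, hasher):
    """True if two accounts sharing a password end up with identical stored values."""
    return hasher(password) == hasher(password)

if __name__ == "__main__":
    for pw in ["summer2011", "Michael!", "trustno1", "Xq7#mL2!pZ9v"]:
        print(pw, weakness_flags(pw) or "no listed flaw")
    print("plain hash repeats:", same_stored_value("welcome", plain_hash))
    print("salted hash repeats:", same_stored_value("welcome", salted_hash))
```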