Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
Password
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Rate at which an attacker can try guessed passwords=== The rate at which an attacker can submit guessed passwords to the system is a key factor in determining system security. Some systems impose a time-out of several seconds after a small number (e.g., three) of failed password entry attempts, also known as throttling.<ref name="NIST-SP-800-63-3" /> {{rp|63B Sec 5.2.2}} In the absence of other vulnerabilities, such systems can be effectively secure with relatively simple passwords if they have been well chosen and are not easily guessed.<ref>Stuart Brown {{cite web |url=http://www.modernlifeisrubbish.co.uk/top-10-most-common-passwords.asp |title=Top ten passwords used in the United Kingdom |access-date=14 August 2007 |url-status=dead |archive-url=https://web.archive.org/web/20061108094949/http://www.modernlifeisrubbish.co.uk/top-10-most-common-passwords.asp |archive-date=8 November 2006 }}. Modernlifeisrubbish.co.uk (26 May 2006). Retrieved on 2012-05-20.</ref> Many systems store a [[Cryptographic hash function|cryptographic hash]] of the password. If an attacker gets access to the file of hashed passwords guessing can be done offline, rapidly testing candidate passwords against the true password's hash value. In the example of a web-server, an online attacker can guess only at the rate at which the server will respond, while an off-line attacker (who gains access to the file) can guess at a rate limited only by the hardware on which the attack is running and the strength of the algorithm used to create the hash. Passwords that are used to generate cryptographic keys (e.g., for [[disk encryption]] or [[Wi-Fi]] security) can also be subjected to high rate guessing, known as [[password cracking]]. Lists of common passwords are widely available and can make password attacks efficient. Security in such situations depends on using passwords or passphrases of adequate complexity, making such an attack computationally infeasible for the attacker. Some systems, such as [[Pretty Good Privacy|PGP]] and [[Wi-Fi Protected Access|Wi-Fi WPA]], apply a computation-intensive hash to the password to slow such attacks, in a technique known as [[key stretching]].
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
Password
(section)
Add topic
