59% of passwords hacked within an hour by skilled hackers.

TLDR:

Researchers found that 59% of real-world passwords could be cracked within an hour using modern GPUs and technical knowledge.
Password hashing with salt can significantly increase password security by creating unique combinations for each user.

In a survey conducted by researchers, it was discovered that a worrying 59% of real-world passwords leaked on the dark web could be cracked within an hour using just a modern graphics card and some technical knowledge. This highlights the weakness of many real-world passwords and the effectiveness of brute-force attacks with GPUs. Password cracking involves retrieving the original password from its hashed form, which is traditionally stored in plain text, making them vulnerable to data breaches. Modern systems use hashing algorithms like SHA-1 to convert passwords into unique, fixed-length hash values to enhance security.

To address this vulnerability, password hashing with salt incorporates a random data string (salt) before applying a hashing function, creating unique password-salt combinations for each user. This method significantly increases the difficulty of cracking passwords and renders pre-computed rainbow tables ineffective for attackers. Modern GPUs, such as the RTX 4090 paired with hashcat, can analyze billions of hashes per second, making password cracking faster and more efficient.

Using a combination of brute-force and smart-guessing algorithms, researchers were able to crack 45% of passwords in under a minute and 59% within an hour. Smart-guessing algorithms prioritize common character combinations, emphasizing that cracking all passwords in a database takes roughly the same time as cracking one due to the database of hashed passwords. Password cracking algorithms leverage human predictability and biases, making passwords containing common phrases, dates, and patterns vulnerable to dictionary attacks.

Overall, it is crucial to use strong, unique passwords and avoid basic substitutions or popular words to enhance password security and protect against hacking attempts. Implementing password hashing with salt and avoiding common character combinations can significantly reduce the risk of password cracking and data breaches.

Post Views: 73

Latest from Blog

SDCOE praised for leadership, support, and innovation in cybersecurity

TLDR: San Diego County Grand Jury commends SDCOE for leadership in cybersecurity in K-12 education SDCOE provides resources, guidance, and cybersecurity solutions to county school districts A recent report by the San

EU’s tough cyber rules threaten massive fines and business suspensions

TLDR: The EU’s NIS 2 becomes enforceable on Oct. 17, imposing tougher cyber regulations on companies. Companies could face hefty fines or service suspensions for violations under the new law. Companies in

Financial sector prime target for DDoS attacks, Akamai study finds

TLDR: – Financial services sector remains the top target for DDoS attacks for the second consecutive year – APJ region faces significant cybersecurity challenges with a high threat score for phishing A

Watch out for serverless architecture’s cybersecurity risks for businesses

Serverless Architecture and Cybersecurity Risks TLDR: Move towards serverless architecture presents new security challenges Threat actors are exploring vulnerabilities in serverless environments Today’s cybersecurity landscape is rapidly evolving with the adoption of

Ivanti alerts on exploited CSA vulnerability in recent cyber attacks

Article Summary TLDR: Ivanti warns of critical Cloud Services Appliance (CSA) flaw being exploited in attacks Threat actors are exploiting CVE-2024-8963 admin bypass vulnerability to access restricted functionality Ivanti Warns of Another

Beware Vanilla Tempest hackers target healthcare sectors, Microsoft alerts

TLDR: Vanilla Tempest, a ransomware group, is targeting healthcare organizations in the US using a new ransomware strain called “INC.” The attackers use tools like Supper backdoor, AnyDesk, and MEGA to further

Internet baffled by mysterious ‘Noise Storms’ stumping experts

TLDR: Internet intelligence firm GreyNoise has been tracking large waves of “Noise Storms” containing spoofed internet traffic since January 2020 The purpose and origin of these noise storms, suspected to be covert

Top 20 Linux Admin Tools for 2024

TLDR: Top Linux Admin Tools in 2024 Key points: Linux admin tools streamline system configurations, performance monitoring, and security management. Popular Linux admin tools include Webmin, Puppet, Zabbix, Nagios, and Ansible. Summary

Evergy chooses OneLayer Bridge for private LTE network management and security

TLDR: Evergy has selected OneLayer Bridge for private LTE network management and security in a multi-year deal. The platform will help manage and secure thousands of devices on Evergy’s private LTE network,

Bogus job tempts aerospace, energy workers

TLDR: A North Korean cyberespionage group is posing as job recruiters to target employees in aerospace and energy sectors. Mandiant reports that the group uses fake job descriptions stored in malicious archives

Suggestions

59% of passwords hacked within an hour by skilled hackers

Latest from Blog