Waa wax caadi ah hadda, in aan dhammaanteen samayno annaga oo aan xitaa ka fekerin: samee furaha sirta ah ee ugu yaraan x xaraf, leh ugu yaraan hal lambar iyo hal calaamad oo aan ahayn magacaaga hore ama dambe. Haddi aad ku jirto shaqada ama abuurista Aqoonsiga Apple^{(Apple ID)} , shuruudahan sirta ah ee erayga sirta ah ee "xoog leh" ayaa meel walba yaal.

Ka dib markii aan abuuray furaha cusub ee goobta hal maalin, waxaan bilaabay inaan ka fikiro sida ay u kala duwan yihiin dhammaan shuruudaha. Goobaha qaarkood waxay rabaan furaha sirta ah ee aan ka yarayn 3 xaraf qaarna waxay xoojiyaan ugu yaraan 8. Qaar waxay rabaan calaamado, qaarna ma rabaan. Qaar baa dan ka leh magacaaga iyo furaha sirta ah ee hore, qaar kalena ma daneeyaan. Haddaba kee baa sirta ah run ahaantii xooggan?

Waxaan sameeyay xoogaa cilmi baaris ah oo aan ogaaday laba shay marka aad ka hadlayso qof “cracking” password kaaga: kow, waxaa jira xoogga eraygaaga sirta ah iyo marka labaad, waxaa jira xoogga sirta ah oo hashes erayga sirta ah gibberish marka la kaydiyo.

Waxaan si dhakhso ah u ogaaday in fikradda erayga sirta ah ee xoogga leh uu yahay mid xisaabeed oo waxaa jiray daraasado badan oo lagu sameeyay mawduucan. Midda dareenkayga soo jiidatay oo aan ku sheegi doono qoraalkan waxay ka timid daraasad 2011 Carnegie-Mellon^{(2011 Carnegie-Mellon study)} .

Tijaabi furahaaga marka hore

Kahor inta aynaan galin waxa uu yahay erayga sirta ah ee adag, aynu aragno inta ay qaadanayso in la jabiyo eraygaaga sirta ah ee la filayo. Si aan taas u hubino, waxaanu ku isticmaali doonaa qalab goobta PassFault :

https://passfault.appspot.com/password_strength.html

Waa kan sida ay u shaqeyso Waxaad ku qortaa eraygaaga sirta ah oo guji Analyze . Waxay leedahay laba ikhtiyaar oo si qarsoodi ah u qarsoon, laakiin waxaad riixi kartaa Show Options . Aynu sharaxno waxay ula jeedaan.

Cracking Hardware waxa ay u dhigantaa $900 weeraryahan sirta ah, taas oo ay suurtogal u noqon karto hackerka sharciga ah. Waxa kale oo ay ikhtiyaar u leeyihiin inay doortaan $180,000 weeraryahan sirta ah, kaasoo Shiinuhu^(Chinese) isticmaali karo haddii ay sidaas qaali tahay. Hoos- u-dhigga Ilaalinta Password-^{(Password Protection)} ka waxay ku siinaysaa dhawr ikhtiyaar oo nooca sirta ah ee loo isticmaalo in lagu kaydiyo erayga sirta ah. Nidaamka Windows ee Microsoft^{(Microsoft Windows System)} ayaa ah kan ugu liita, la yaab ma leh. Markaa waxaad haysataa Wireless WPA Access Point , UNIX SHA1 , UNIX Blowfish , iyo 100 wareeg oo SHA1 ah .

Waxaan isku dayay erayga sirta ah ee xoogga leh oo aan ku isticmaalo dhowr goobood waxaanan ka naxay markaan arkay in lagu jabin karo 1 maalin gudaheed!

Wow , taasi aad bay u xun tahay. Markaa ka dib waxaan doortay ikhtiyaarada sirta ah ee xooggan ( Unix Blowfish iyo 100 wareegyada SHA1 ) oo aad ayaan ugu faraxsanahay inaan arko natiijooyinku waxay qaadan doonaan wax ka badan hal maalin: 1 sano iyo 7 bilood Unix Blowfish iyo 2 bilood iyo 2 maalmood oo leh 100 wareeg oo SHA1 . Si kastaba ha ahaatee, iyada oo leh $180,000 weeraryahan sirta ah, waxay hoos ugu dhacday 11 maalmood iyo 3 maalmood, siday u kala horreeyaan. Lama aqbali karo ayaan is idhi! Waxaan rabaa in erayga sirta ah uu qaato sanado si uu u jabiyo xitaa adigoo isticmaalaya furaha sirta ah ee qaaliga ah. Laakin waa maxay habka ugu wanagsan maadaama aan isticmaalayo 9 xaraf oo sir ah oo leh nambaro iyo calaamad?

Maxaa ka dhigaya erayga sirta ah mid adag?

Tani waa halka daraasadda Carnegie-Mellon ay iftiimisay wax walba oo dhan. Asal ahaan^(Basically) waxa ay heleen ayaa ah in inta uu dheer yahay erayga sirta ah ee aad isticmaashid, uu sii xoogeysanayo. Tani macnaheedu maaha in erayga sirta ah ee dheer uu leeyahay calaamado ama nambaro badan, kaliya waa inuu dheeraadaa. 16 xaraf, waxa kaliya ee ay tahay inaad iska ilaaliso waa adeegsiga ereyo qaamuus oo aad u fudud.

Ma lagu qancin inay taasi suurtogal tahay? Goobta PassFault , isticmaal erayga sirta ah ee soo socda, kaas oo ah 15 xaraf oo aad u fudud in la xasuusto:

ilovemywifealot

Kadib, xulashooyinka, dooro $ 180,000 weerarka sirta ah oo dooro sirta ugu liidata ( Microsoft Windows ) waana tan waxa aad helayso:

1 bil iyo 7 maalmood! Taasi waa ka wanaagsan tahay in eraygaaga sirta ah lagu jabiyo 1 maalin gudaheed. Haddaba maxaa ka qaldan erayga sirta ah? Waa hagaag, sida muuqata, haddii eraygaaga sirta ah uu gaaban yahay, markaa waxaad u baahan tahay inaad isticmaasho calaamado badan, xarfo random, iyo lambaro si aad u xoojiso. Haddii ay dheer tahay, sida in ka badan 15 ilaa 16 xaraf, markaa uma baahnid inaad ka walwasho inaad ku darto dhammaan noocyada tirada iyo calaamadaha. Furaha sirta ah ee dheer, waxaad xitaa isticmaali kartaa erayo badan oo qaamuus ah walina aad bay u ammaan ahaan doontaa. Sida iska cad erayga sirta ah sida hellohellohello ayaa wali nuugi doona inkasta oo uu yahay 15 xaraf:

Way nuugtaa sababtoo ah waxay ku jiri doontaa qaamuuska oo waa isku eray saddex jeer. Furahaygii ugu horreeyay ee aan ku qirto jacaylka aan u qabo xaaskayga, jumladu waxay si dhakhso ah u bilaabataa inay u ekaato gibberish kumbuyuutarka mana jiro qaamuus dillaacsan oo leh weedhaas 15 xaraf ah. Qaamuusyadu waxay leeyihiin erayo qaamuus ah si aad uga fogaato ereyada qaamuuska tooska ah, waxaad ku fiicnaan doontaa inaad tagto. Furahaygu wuu fiicnaan lahaa haddii aan magaca xaaskayga ama naanays u isticmaalo beddelka ereyga “xaas”. Hel fikradda?

Sida cad, haddii aad ku dhex tuuri karto tiro calaamado erayga sirta ah ee dheer, markaas erayga sirta ah wuxuu noqonayaa mid aad u qosol badan. Tusaale ahaan, aan nidhaahno waxaan hor dhigay xaaskayga erayga sirta ah oo aan ku daray hal lambar. Markaa intee ayay qaadanaysaa in la jebiyo isla doorashooyin la mid ah:

^(Holy)sac quduus ah ! Markaa waxay ka soo wareegtay 1 bil iyo 7 maalmood ilaa 4 qarni iyo 1 toban sano ah. Haa qarniyo!! Hadda taasi waa furaha sirta ah ee sugan oo aad uma adka in la xasuusto. Haddaba iska hubi eraygaaga sirta ah adigoo isticmaalaya qalabkan bilaashka ah ee internetka oo haddii eraygaaga sirta ah uu dillaaco dhowr maalmood gudahood, waxaa laga yaabaa inay tahay waqtigii aad ka fikiri lahayd wax cusub, gaar ahaan macluumaadkaaga xasaasiga ah sida furayaasha bangiyada, iwm.

Xasuusnoow^(Remember) , in badan oo ka mid ah shabakadahan internetka ayaa mar walba la jabsadaa, markaa eraygaaga sirta ah waligiis ammaan ma aha. Si kastaba ha ahaatee, haddii aad isticmaasho furaha sirta ah ee xooggan, xitaa haddii sirtu aad u daciif tahay, waxay ku qaadanaysaa weligeed in kombuyuutar super ahi uu jabiyo! Haddii aad isku dayday eraygaaga sirta ah ee goobta intaad akhrinaysay qoraalkan, noogu soo sheeg faallooyinka inta ay qaadanayso in la jabiyo. Ku raaxayso!

OTT Guide to Creating a Strong Password

It’s so common now, that we all do it without even thinking about it: сreate a password that’s at least x charаcters, has at least one number and one symbol and isn’t уour first or last name. Whether you are at work or creating an Aрple ID, these password requirements for a “strong” paѕswоrd are everywhere.

After creating a new password on a site one day, I started thinking about how different all the requirements were. Some sites want passwords no shorter than 3 characters and some enforce a minimum of 8. Some want symbols, some don’t. Some care about your name and previous passwords, other don’t. So which password is really strong?

I did some research and found out two things when you are talking about someone “cracking” your password: firstly, there is the strength of your password and secondly, there is the strength of the encryption that hashes the password into gibberish when stored.

I quickly realized that the whole concept of a strong password is very mathematical and there have been numerous studies done on this topic. The one that caught my attention and that I will mention in this post is from a 2011 Carnegie-Mellon study.

Test Your Password First

Before we get into what a strong password is, let’s see how long it would take to crack your supposedly strong password. To check that, we’re going to use a tool on the PassFault site:

https://passfault.appspot.com/password_strength.html

Here’s how it works. You type in your password and click Analyze. It has two options that are hidden by default, but you can click on Show Options. Let’s explain what they mean.

Cracking Hardware defaults to a $900 password attacker, which would be possible for a legitimate hacker. They also have the option to choose a $180,000 password attacker, which the Chinese might be using if it’s that expensive. The Password Protection drop down gives you a few options for the type of encryption used to store the password. Microsoft Windows System is the weakest, no surprise there. You then have Wireless WPA Access Point, UNIX SHA1, UNIX Blowfish, and 100 rounds of SHA1.

I tried my strong password that I use on a couple of sites and was shocked to see that it could be cracked in 1 day!

Wow, that’s pretty bad. So then I chose the stronger encryption options (Unix Blowfish and 100 rounds of SHA1) and was happier to see the results would take longer than a day: 1 years and 7 months for Unix Blowfish and 2 months and 2 days with 100 rounds of SHA1. However, with the $180,000 password attacker, it went down to 11 days and 3 days, respectively. Not acceptable I thought! I want my password to take years to crack even with a super expensive password cracker. But what’s the best way since I am using a 9 character password with numbers and a symbol?

What Makes a Password Strong?

This is where the Carnegie-Mellon study shed some light on the whole thing. Basically what they found is that the longer the password you use, the stronger it is. This doesn’t necessarily mean the longer password has to have a lot of symbols or numbers, it just has to be long. At 16 characters, all you have to avoid is using super easy dictionary words.

Not convinced that’s possible? In the PassFault site, use the following password, which is only 15 characters and super easy to remember:

ilovemywifealot

Then, for the options, choose the $180,000 password attacker and choose the weakest encryption (Microsoft Windows) and this is what you get:

1 month and 7 days! That’s way better than my password being cracked in 1 day. So what’s wrong with my password? Well, apparently, if your password is shorter, then you need to use more symbols, random letters, and numbers to strengthen it. If it’s longer, like over 15 to 16 characters, then you don’t have to worry about adding all kinds of numbers and symbols. With a longer password, you can even use more dictionary words and it’ll still be very secure. Obviously a password like hellohellohello would still suck even though it’s 15 characters:

It sucks because it’s going to be in the dictionary and it’s the same word three times. In my first password where I profess my love to my wife, the sentence quickly starts looking like gibberish to a computer and no cracking dictionary has that 15 character phrase as a word. Dictionaries have dictionary words so as long as you avoid straight dictionary words, you’ll be good to go. My password could have been even better if I used my wife’s name or a nickname for her instead of the word “wife”. Get the idea?

Obviously, if you can throw in a number of symbol into a long password too, then the password becomes even more ridiculously strong. For example, let’s say I put an exclamation point in front of my wife password and added one number to the end. Then how long would it take to crack with the same options:

Holy cow! So it went from 1 month 7 days to a whopping 4 centuries and 1 decade!!! Yeah centuries!! Now that’s a secure password and it’s not very hard to remember. So check your password using this free online tool and if your password is getting cracked in a few days time, it might be time to think of something new, especially for your sensitive information like banking passwords, etc.

Remember, a lot of these online sites get hacked all the time, so your password is never safe. However, if you use a truly strong password, even if the encryption is very weak, it would take forever for a super computer to crack it! If you tried your password on the site while reading this post, let us know in the comments how long it would take to crack it. Enjoy!

Related posts

• Hagaha OTT ee Codecs, Qaababka Kontaynarada iyo Codaynta

• Hagaha OTT si loo sugo noloshaada dhijitaalka ah Geerida ka dib

• Hagaha OTT si ay martida u galaan shabakadaada deegaanka

• Sida Loogu Shabakado LinkedIn: Hagaha

• Sida Loo Soo Geliyo Fiidiyowga YouTube-Tallaabo Hagitaan Tallaabo

• Hagaha Ku Bilaabashada Qolalka Soo Dhawaynta

• Ma bedeli kartaa Magacaaga Twitch? Haa, Laakin ka digtoonow

• Sida loo Isticmaalo Tags Discord Spoiler

• Sida loo soo dejiyo fiidiyowyada Twitch

• 7 Degdeg ah Hagaajinta Marka Minecraft uu sii wado shil

• Sida maqaal loogu dhejiyo Linkedin (iyo waqtiyada ugu fiican ee la dhejiyo)

• 4 Siyaabaha Lagu Helo Xulashada Internetka ee Ugu Wanaagsan (ISPs) ee aaggaaga

• Sida loo Hagaajiyo Steam "Xawaalad la sugayo" Khaladka

• Sida loo hagaajiyo qaladka Disney Plus Code 83

• Hagaha bilowga ah ee degdega ah ee amarka Windows

• Sida loo kala qaybiyo shaashadda buug-Chrome

• Sida loo soo dejiyo oo loogu rakibo Peacock on Firestick

• Tignoolajiyada Bandhiga Flat Panel La Demystified: TN, IPS, VA, OLED iyo in ka badan

• Sida Looga Qaado Sawir-qaadista Steam

• Tilmaamaha Bilawga ee Pinterest