Reply to post: Re: Well, there's your problem

Father of Unix Ken Thompson checkmated: Old eight-char password is finally cracked

ThatOne Silver badge

Re: Well, there's your problem

Sure, but simply going by the password cracking tools, is "password%%%%" easier to crack than "password#%$&"? All right, the "password" part is a common dictionary word, but what I'm wondering is if the four characters added to it will/should/might obfuscate the hash so the cracker needs to brute force the whole thing like if it was all random. And in this case, would be "password####" really easier to crack than "password#%$&"?

The idea is to defend yourself against what will attack you, so if it's all the same for password crackers, you could possibly use a password like "password++++++++++++++++++++++++", which is 32 characters long and yet very easy to remember ("password" and 24x "+"). All right, I admit that from a purely theoretical point of view it has less entropy than a 32-character password like "nB!y8s#ey8$aw&I1ga2x?t3-6+86K=OA", but is its hash really easier to crack? I don't think you could find that in rainbow tables, I think that calculating the hash of any dictionary word with a random amount of a random number of repeated characters after it would create a unmanageably huge list, which puts you beyond the reach of ordinary (lazy) hackers (obviously if your password protects the crown jewels you might want to go the hard way and avoid that kind of cheat.)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019