
Banking-accounts.org





Page modified: Friday, June 23, 2006 19:28:09

A password (also called a passcode or watchword) is a general means of authenticating a user (not necessarily a human) within a system: the user identifies itself to the system by a unique piece of information (the password). The authenticity of the user is therefore preserved only if the user keeps the password secret.

History

A password (also watchword or countersign) was originally a word used in the military as an identifying sign, in order to tell friend from enemy in darkness or when facing unknown combatants. To this day, soldiers on night patrol during maneuvers ask for the watchword. In the Middle Ages, some castle sieges were decided by the betrayal of the watchword.

PIN

The PIN (personal identification number) is another form of password consisting exclusively of digits. It is not always freely selectable by the user and is used, for example, when withdrawing money from a cash machine. PINs are mostly 4 digits long.

Use of passwords

In the computer world, passwords are frequently used together with a user name, e.g. at Wikipedia. Here the password is an arbitrary alphanumeric character string chosen by the user. A special case is the so-called one-time password, where each password is used only once for authentication and then becomes invalid. This procedure is credited with particularly high security: no damage arises if a password is spied out during use, because it is invalid afterwards. One-time passwords are used, for example, in the PIN/TAN procedure for online banking. Passwords are also used for parental controls, in order to deny children access to televisions, receivers or unsuitable program content.

Secure passwords for encryption

Modern encryption procedures cannot in practice be cracked by testing all keys (brute force). The weak point is usually the password chosen by the user. It can frequently be determined with a dictionary attack, that is, by testing frequently used passwords, which can be found in electronic dictionaries provided specifically for that purpose. So that a password is not weaker than the actual encryption (112 to with usual procedures), about 20 characters are necessary. If the password does not consist of random characters, however, clearly longer passwords are necessary in order to achieve the same security against a brute-force attack.

In connection with the software PGP, the terms passphrase and mantra were introduced for a password made up of several words.

Passphrases such as "the telephone door possibly also are perdu & we ordered 911 yogurt" are sensible. Rare words and word orders, fantasy words or foreign-language words should be used here. Such a sentence is relatively easy to remember, but only if it makes some kind of sense. Its components must nevertheless not be predictable for an attacker who is well informed about the person and their interests.

Film quotations or famous sayings are just as unsuitable as a string of simple words. Dates of birth, maiden names or pet names are likewise contained in the relevant dictionaries.

Security factors

The security of a password depends above all on its remaining secret. Other factors in protecting the password are, for example:

  • How often the password can be used for authentication. The greatest security is given with one-time use. Each repeated use of the password increases the danger of disclosing it through unencrypted transfer or espionage measures (e.g. keylogging or phishing).
  • The transmission of the password from the user to the system should be secure, e.g. by using encrypted channels for the transmission (see also SSL). With a secure implementation and sufficient strength of the encryption, it then becomes almost impossible for the attacker to learn the password, since the computing capacity of today's computers is by far not sufficient to crack SSL encryption.
  • Many passwords can easily be guessed by attackers. Since most passwords are entered by human users (in contrast to generation by random number generators) and above all have to be easy to memorize, passwords that are simple to guess are frequently used, e.g. the name of the wife, the friend or the pet, as well as birthdays or addresses. A password can also be made more secure with characters that do not exist on the keyboard, e.g. "®, ¤, ©". These characters are usually ignored in brute-force attacks. To type them under Windows, use [Alt] + [0174], [Alt] + [0164] and [Alt] + [0169]. The digits must be typed on the numeric keypad with Num Lock switched on.
  • When passwords are generated by random number generators, note that computers cannot generate "genuine" randomness with maximum entropy; one speaks of pseudo-random number generators. This weak point can, however, be exploited only in the rarest cases, since the pattern with which the generator works, that is, its parameters and also the seed (further, random parameters), must first be worked out. "Genuine" randomness can be obtained, for example, from the superposition of sound waves, by recording them and converting them into digital form.
  • The password should also be stored in encrypted form on the side of the authenticator; thanks to cryptographic procedures (so-called hash functions), checking it remains possible without problems.
  • The password should be as long as possible. The system should use as large a character set as possible from which the password is formed. The optimal length and composition depend on several factors:
    • Which characters are used (digits, letters, special characters, ordered by complexity, since digits permit only ten variations from 0-9, whereas letters permit 26 or, with upper and lower case, even 52 variations per character, which makes a brute-force attack on the password clearly more difficult). Special characters offer the greatest density of variation, but are generally harder to memorize. One should find a middle ground between security and memorability.
    • How fast access to the password is (e.g. access via a web server is generally slower than direct file access to the hash of the password).
    • Whether the password can be found by means of a dictionary attack. This can be prevented by made-up words without logical connection, such as "whistle light" or "bird keyboard", since dictionary attacks draw on lists of well-known passwords and terms. More complex dictionary attacks with a hybrid function could, however, combine several word lists and so also break made-up words. But such a complex attack involves very many parameters and combination options, so that using it would be worthwhile only in a few special cases.
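How character set and length trade off, for the "about 20 characters" figure in the encryption section and for the character-set factor above, shown as an added example that is not part of the original page. It assumes the page's figure of 112 is a key strength in bits and that every character is drawn uniformly at random; the 94-symbol printable set is an added assumption.

```python
import math
import secrets
import string

# Character sets: the first three are the ones the page names (10, 26, 52
# variations per character); the 94-symbol set is an added assumption.
ALPHABETS = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "letters": string.ascii_letters,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}

def bits_per_char(alphabet):
    """Entropy contributed by one uniformly random character."""
    return math.log2(len(set(alphabet)))

def required_length(alphabet, target_bits):
    """Smallest length whose brute-force search space is >= 2**target_bits."""
    return math.ceil(target_bits / bits_per_char(alphabet))

def length_table(target_bits=112):
    """Required random-password length per character set."""
    return {name: required_length(chars, target_bits)
            for name, chars in ALPHABETS.items()}

def generate_password(alphabet, target_bits=112):
    """Draw each character from the OS CSPRNG, not a seeded pseudo-random generator."""
    length = required_length(alphabet, target_bits)
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for name, length in length_table().items():
        print(f"{name:10s} {length:3d} characters for 112 bits")
    print(generate_password(ALPHABETS["letters"]))
```

The lengths hold only for randomly generated passwords; a password a person chose has less entropy per character and must be longer.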

In addition, after a certain number of incorrect inputs the system should not accept new inputs until a certain time has passed or the system has been manually unlocked again.
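One way to combine hashed storage on the authenticator side with a lockout after repeated incorrect inputs, as an added example that is not part of the original page. The class name, the PBKDF2 parameters, the limit of three attempts and the 300-second lock are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

class PasswordStore:
    """Keeps only salt and hash, never the password; locks after failures."""

    def __init__(self, iterations=600_000, max_failures=3,
                 lock_seconds=300, clock=time.monotonic):
        self.iterations = iterations
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.clock = clock
        self.records = {}    # user -> (salt, digest)
        self.failures = {}   # user -> (failure count, locked-until time)

    def _hash(self, password, salt):
        # Slow, salted hash: identical passwords give different records
        # and each guess against a stolen record costs many iterations.
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                   salt, self.iterations)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.records[user] = (salt, self._hash(password, salt))

    def verify(self, user, password):
        count, locked_until = self.failures.get(user, (0, 0.0))
        if self.clock() < locked_until:
            return "locked"              # refuse even a correct password
        # Unknown users take the same hashing path as known ones.
        salt, digest = self.records.get(user, (b"\0" * 16, b""))
        candidate = self._hash(password, salt)
        if hmac.compare_digest(candidate, digest):   # constant-time compare
            self.failures.pop(user, None)
            return "ok"
        count += 1
        if count >= self.max_failures:
            # Start the lock period and reset the counter for afterwards.
            self.failures[user] = (0, self.clock() + self.lock_seconds)
        else:
            self.failures[user] = (count, 0.0)
        return "denied"
```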

Windows programs for password management

The magazine c't regularly recommends the open-source programs Password Safe and KeePass for secure and convenient password management and storage under Windows. Password Safe was originally developed by the cryptography expert Bruce Schneier.

Linux programs for password management

Under Linux, the program KWallet is available for password management. It is included by default in KDE starting from version 3.4. It works closely with the e-mail client KMail and the web browser Konqueror, so that passwords requested by web pages or by e-mail servers can be handed over automatically as soon as the digital wallet has been opened. Other passwords and arbitrary key-value pairs can also be managed conveniently and securely directly with KWallet. Alternatively, there is also a Linux version of the already mentioned Windows password manager KeePass, named KeePassX. A further program, in whose development great attention was paid to secure encryption algorithms, is PwManager.

See also

  • Diceware - method for producing secure and easily remembered passwords and passphrases

Page cached: Tuesday, February 7, 2012 03:56:27