When you type in a password, the computer converts whatever you type into a hash. A hash is a unique algorithmic value that is then stored on your computer (or Web server). "Computers have been designed this way for the last 20 years," said Graham, who last summer hacked someone's Gmail account before a live Black Hat audience, "so that when hackers break into your computers they can not just easily steal your passwords. All they can steal is that cryptographic information." Typically, passwords are stored in MD4 hash, says Graham.
"My post was that when -1hes are used typically, when they're used normally, they're only used for one file or one -1h, or one object that's being -1hed, When the hacker can use a -1h, though, they're trying to crack it; they're trying to use all different sorts of combinations . And computers today are massively parallel, so a hacker can check up to 10 different -1hes simultaneously. Whereas the normal user of a -1h is only checking one at a time. So that implied that -1hes are a few bits weaker than you would expect, since hackers can use so much more parallel architecture on the computer to crack them." Security Watch: Cracking passwords - CNET reviews
Back to: PC Security, privacy news