A Simple Password Tip

by Colin Berkshire

I was working with a guy in our IT department and he was playing with a password cracker. He was cracking into a PDF file that one of our users had forgotten the password to. After cranking on the PDF file for two days, it cracked it. Voilà, we had access to our file again.

But as I was watching it, I noticed that it was doing a brute force attack on the password. This technique basically just sequences each letter in the alphabet one at a time, and tries each one until the correct password is found. I noticed that it was literally sequencing sequentially…and an idea came to me…

If the very first character were very high up in the ASCII table, the brute-force cracker would reach the password much later. Using a “z” as the first letter of your password can take 4X as long to crack as if the first character is an “!”.

Now, eventually your password will get cracked, as it is just a matter of time. And longer passwords vastly increase the time to crack. (By about 100-fold for every additional character.) But why not use a high-value character such as “z” at the beginning just to increase the cracking effort four-fold?
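
The effect of the first character and of password length on a sequential search can be computed directly. The sketch below is an added example, not code from the original post: it counts how many guesses a sequential brute force makes before reaching a given password. The 95-character printable ASCII set, the shortest-first order, the two odometer orderings and the sample passwords are all assumptions made for illustration; a real cracker's character set and ordering may differ.

```python
# Added illustration; the character set and both orderings are assumptions.
CHARSET = "".join(chr(c) for c in range(0x20, 0x7F))  # 95 printable ASCII, ASCII order


def attempts_until_found(password, charset=CHARSET, first_char_slowest=True):
    """Guesses made up to and including `password` by a sequential brute force.

    Candidates are tried shortest first. Within one length they are counted
    like an odometer: with first_char_slowest=True the first character changes
    least often, with False it changes on every guess.
    """
    base = len(charset)
    digits = [charset.index(ch) for ch in password]  # ValueError if outside charset
    if not first_char_slowest:
        digits.reverse()
    rank = 0
    for d in digits:
        rank = rank * base + d
    # Every shorter candidate is tried before any candidate of this length.
    shorter = sum(base ** k for k in range(1, len(password)))
    return shorter + rank + 1


def slowdown(easy, hard, **order):
    """How many times more guesses `hard` needs than `easy`."""
    return attempts_until_found(hard, **order) / attempts_until_found(easy, **order)


if __name__ == "__main__":
    low, high = "!assword", "zassword"  # constructed sample passwords
    print("first char slowest:", round(slowdown(low, high), 1))
    print("first char fastest:", slowdown(low, high, first_char_slowest=False))
    print("one more character:", round(slowdown(low, low + "!"), 1))
```

With these constructed inputs, the gain from a leading “z” is about 34 times when the first character changes least often and essentially nothing when it changes on every guess, while one extra character multiplies the count by 95 in either case.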