
Photo Credits

"Picture on Early Office Museum" Author: New York Zoological Society, 1907. Public Domain

"Infinite Monkeys 2008" by Simon Greig. Photo is licensed under CC BY-NC-SA 2.0

"Glass food storage container with Easy Find Lids" by Rubbermaid Products is licensed under CC BY 2.0

"U-505 Enigma Machine (View 4)" by derekbruff is licensed under CC BY-NC 2.0

"hourglass" by secubie is licensed under CC BY-NC-SA 2.0

"Walnut in nutcracker" by wuestenigel is licensed under CC BY 2.0

"Beavis and Butt-head titlecard" fair use by https://en.wikipedia.org/wiki/File:Beavis_and_Butt-head_titlecard.png#filelinks, CC creative commons licensed

Cartoon captions: "Don't be a Beavis. Use strong passwords." "Yeah, Dude… and Salt it."

(Continued from page 12)

(It takes time, but the lookup yields results; look carefully.)

So, did you 'Crack' any of the hash values in the bank database? Could you try to log in with the password of any of these victims?

It looks like user Bevis may lose his savings. Maybe his longword just was not long enough. But did you actually 'Decrypt,' 'Decode,' 'Crack,' 'Hack,' or 'reverse engineer' any of the passwords?

NO. You simply found a value that matches a known hash (you found it in your Hash Table Dictionary), and you 'Guessed' what one of the passwords might be. And you would be exactly correct because, as we learned from Einstein in part 1: "we expect to get the same results for a given string every time. To get anything different would be crazy."

By the way, customer Bill, whose root password is William1, will not be in trouble because he salted his password. So, unless you bad guys hash his actual password ("William1") plus his salt (which is "PlusPepper") to get an ART4() hash of 5835, you will not be getting into his account.

And because the bank did not SALT the customers' passwords, a plain-language hash dictionary leaves many customers vulnerable to this look-up.

Do not let that be you. Use Good Passwords, not common short words or expressions that will be found in the dictionary. And when you do enter or change your password, use SALT: if it's valuable, SALT it.
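The look-up described above, as an added example that is not part of the original bulletin: a tiny precomputed "Hash Table Dictionary" is built from a constructed word list, the unsalted accounts in a constructed bank database are audited against it, and Bill's salted entry (salt "PlusPepper", as in the text) is shown to miss the table while still verifying correctly at login. SHA-256 from the references is used in place of the bulletin's toy ART4() function, whose definition is not on this page; the word list, the account records and the 16-byte salt length are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed word list standing in for the bulletin's "Hash Table Dictionary".
WORDLIST = ["password", "letmein", "soccer", "monkey", "qwerty", "William1"]


def sha256_hex(text: str) -> str:
    """Deterministic digest: the same string always yields the same hash
    (Einstein's point in part 1). SHA-256 stands in for the toy ART4()."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_lookup_table(words):
    """Precompute digest -> word for the UNSALTED hash of every list entry.
    This is the dictionary a look-up 'crack' consults; nothing is decrypted."""
    return {sha256_hex(w): w for w in words}


def hash_with_salt(password: str, salt: str) -> str:
    """Salted hash. The salt is stored beside the hash and need not be secret;
    it only has to differ per user so one precomputed table no longer applies."""
    return sha256_hex(salt + password)


def new_salt() -> str:
    """Random per-user salt (hex). Assumption: 16 random bytes for this example."""
    return secrets.token_hex(16)


def verify(password: str, salt: str, stored_hash: str) -> bool:
    """Login check: re-hash the attempt with the stored salt and compare in
    constant time, so timing does not leak how many digest bytes matched."""
    return hmac.compare_digest(hash_with_salt(password, salt), stored_hash)


def find_weak_accounts(db, table):
    """Defender's audit: which UNSALTED accounts have a hash present in the
    lookup table? Returns {username: matched_word}. Salted entries are never
    hits, because the table holds hashes of bare words only."""
    hits = {}
    for user, rec in db.items():
        if rec["salt"] == "" and rec["hash"] in table:
            hits[user] = table[rec["hash"]]
    return hits


# Constructed bank database: most users unsalted (salt == ""), Bill salted.
BANK_DB = {
    "bevis": {"salt": "", "hash": sha256_hex("soccer")},
    "alice": {"salt": "", "hash": sha256_hex("constructed-long-passphrase-42")},
    "bill": {"salt": "PlusPepper", "hash": hash_with_salt("William1", "PlusPepper")},
}


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("accounts matched by the dictionary:", find_weak_accounts(BANK_DB, table))
    print("bill's salted hash in table?", BANK_DB["bill"]["hash"] in table)
    print("bill logs in with William1?", verify("William1", "PlusPepper", BANK_DB["bill"]["hash"]))
```

Bevis is the only hit: his bare word "soccer" is in the list, so its hash is in the table. "William1" is also in the list, yet Bill's stored hash is not found, because what the bank stored is the hash of "PlusPepperWilliam1", which no table of bare words contains. Salting defeats precomputed look-ups; it does not make a short password slow to guess, which is why production systems pair a random per-user salt with a deliberately slow password hash rather than a single fast SHA-256 as used here for illustration.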
References

Infinite monkey theorem, Wikipedia article: https://en.wikipedia.org/wiki/Infinite_monkey_theorem

SHA-256: https://www.freeformatter.com/sha256-generator.html#ad-output has a good tutorial

Pwned Passwords are a dictionary of 613,584,246 real-world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use, as they are at a much greater risk of being used to take over other accounts. Has YOUR password already been compromised? https://haveibeenpwned.com/Passwords

A Monkey and a Typewriter Make a Hash with Shakespeare and a Soccer Ball by Arthur Gresham is li-
         Cyber Awareness Bulletin                                                            13                                                                   October 2021