
(Continued from page 23)

'cracking' your password.

Let me emphasize this about Password Managers. You should NEVER add your salt to the passwords you store in your Password Manager. Just store your passwords as normal text. And when you enter it onto a site, then you add your salt. Then if anyone ever gets one or more, or all of your passwords, it will be of no use to them at all. Carry your own salt. Apply when needed.

Some helpful sites: footnotes and additional resources

(1) Pwned Passwords are 613,584,246 real-world passwords previously exposed in data breaches. This exposure makes them unsuitable for ongoing use as they are at a much greater risk of being used to take over other accounts. Has YOUR password already been compromised? https://haveibeenpwned.com/Passwords

(2) What is Hashing (and how does it work?) https://www.sentinelone.com/cybersecurity-101/hashing/

(3) Extensive quotes at the beginning of this article are from https://thycotic.com/company/blog/2020/05/07/how-do-passwords-work/ by Barbara Hoffman, May 7, 2020.

(4) Learn about the 7 Ways Hackers Steal Your Passwords. This article and Part 2 only cover methods 2 and 5, Spraying and Brute Force. YOU still must protect yourself against other types such as Phishing and Keyloggers, Local Discovery and of course Extortion. https://www.sentinelone.com/blog/7-ways-hackers-steal-your-passwords/

(5) Learn about adding SALT to HASHING from the perspective of those on the inside who create the systems to manage passwords. https://auth0.com/blog/adding-salt-to-hashing-a-better-way-to-store-passwords/

(6) A smaller list of 14,344,391 of the most common passwords discovered in various data breaches worldwide (plus some very odd strings!) at https://md5hashonline.com/most-common-passwords where you can see the results of the more than 50 hash functions, plus 115 MD5 variations on each. To search for a specific password or hash string, use a site-specific Google search such as this:

'hello kitty' site:https://md5hashonline.com/most-common-passwords/

(7) Aren't there actual programs that try to 'crack' a single password? Yes, of course. A popular one is Hashcat. How does it work? https://www.csoonline.com/article/3542630/hashcat-explained-why-you-might-need-this-password-cracker.html

Additional Resources

A quick evaluation of how secure your password is at https://howsecureismypassword.net/

A couple of easier-to-use websites that will make a hash for you:

SHA-256: https://www.freeformatter.com/sha256-generator.html#ad-output (has a good tutorial)

MD5 and SHA-1: https://www.md5hashgenerator.com/

https://md5hashonline.com/?s=nothing (replace 'nothing' with something else)

Photo Credits

1. "HashandSaltandDictionary" by Arthur Gresham is licensed under CC BY-SA 2.0
2. "Corned Beef and Hash" by gozamos is licensed under CC BY-SA 2.0
3. "Freedmen's bank passbook" by Allen Gathman is licensed under CC BY-NC-SA
4. "Geordi & Data" by JD Hancock is licensed under CC BY 2.0
5. "Red Flannel Hash (9)" by Joelk75 is licensed under CC BY 2.0
6. "Betty Crocker's Cookbook" by Patrick Q is licensed under CC BY-NC 2.0
7. "Insanity by Albert Einstein" by Mimsen is licensed under CC BY-SA 2.0
8. "dictionary-1 copy.jpg" by TexasT's is licensed under CC BY-NC-ND 2.0
9. "salt shaker" by TooFarNorth is licensed under CC

(Continued on page 25)
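The "carry your own salt" advice and the hash-lookup site in footnote (6) above, as an added example that is not from the bulletin: a small Python lookup table standing in for the md5hashonline list (the password list, the four hash functions and the personal salt "-Tq9!x" are all constructed here) shows that a leaked digest of a common password is reversed by one dictionary lookup, while the same password with a personal salt appended is in no table.

```python
import hashlib

# Constructed stand-in for a public "most common passwords" table like the
# md5hashonline list in footnote (6): that list has 14 million entries hashed
# 50+ ways; four passwords and four functions are enough to show the mechanism.
COMMON_PASSWORDS = ["123456", "password", "hello kitty", "qwerty"]

HASH_FUNCS = {
    "md5": lambda b: hashlib.md5(b).hexdigest(),
    "sha1": lambda b: hashlib.sha1(b).hexdigest(),
    "sha256": lambda b: hashlib.sha256(b).hexdigest(),
    # one of the "MD5 variations": MD5 of the hex MD5 digest
    "md5(md5)": lambda b: hashlib.md5(hashlib.md5(b).hexdigest().encode()).hexdigest(),
}


def digest(algorithm, text):
    """Hex digest of text under one of the named functions above."""
    return HASH_FUNCS[algorithm](text.encode("utf-8"))


def build_lookup_table(passwords):
    """Precompute digest -> (algorithm, plaintext) for every password and function.
    This is what the lookup site has already done for its whole list."""
    table = {}
    for pw in passwords:
        for name in HASH_FUNCS:
            table[digest(name, pw)] = (name, pw)
    return table


LOOKUP = build_lookup_table(COMMON_PASSWORDS)


def lookup_hash(digest_hex):
    """Searching the site for a hash string is a plain dictionary lookup:
    returns (algorithm, plaintext) if the digest is in the table, else None."""
    return LOOKUP.get(digest_hex.strip().lower())


def is_exposed(password):
    """True if a leaked digest of this password, under any listed function,
    would be reversed instantly by the table (no cracking needed)."""
    return any(lookup_hash(digest(name, password)) is not None for name in HASH_FUNCS)


def with_personal_salt(stored_password, personal_salt):
    """The bulletin's 'carry your own salt' habit: the password manager holds only
    stored_password; the user appends the secret personal_salt when typing it in."""
    return stored_password + personal_salt
```

The personal salt only helps while it stays out of the manager and out of any breach; it is the user's habit on top of, not a replacement for, the server-side salting described in footnote (5).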

Cyber Awareness Bulletin, page 24, October 2021