Crackerjack Cryptographers vs Your Puny Passwords

I just read a description of some pretty great software that I was thinking about buying. One of the things that made it so great was that it had “really strong” 128-bit encryption, which it claimed could take hackers “thousands of years” to crack.

Well, maybe not so much.

Right after I read that description, I happened upon a CNET article about Japanese scientists who have discovered a way to break the world’s most complex encryption, 923-bit code, in a little over 148 days.

Suddenly, the coolness factor faded considerably on that “really great” application I was just about to buy.

But honestly, after recent news that millions of user passwords were stolen and posted online as a result of hacks on LinkedIn, eHarmony, Last.FM, and 79 banks, it’s kind of hard to believe that there are any online locks tough enough to stand up to a determined cyber criminal. Combine that with revelations about Flame and Stuxnet, the military malware reportedly unleashed against Iran by the US and Israel, and you have a vivid picture of the kinds of challenges faced by anyone hoping to stay secure online.

If the scientists at Fujitsu labs found a way to crack a 238-character, 923-bit code, how can any of us feel confident about our puny little 6 to 8 character passwords? But Fujitsu’s press release makes it clear that they see their breakthrough as paving the way toward a more secure future.

It states in part:

Until now, cryptanalysis of pairing-based cryptography of this length was thought impossible as it was estimated to take several hundred thousand years to break. Indeed, despite numerous efforts to use and spread this cryptography at the development stage, it wasn’t until this new way of approaching the problem was applied that it was proven that pairing-based cryptography of this length was fragile and could actually be broken in 148.2 days. This result is used as the basis of selecting secure encryption technology, and is proving useful in the standardization of next-generation cryptography in electronic government systems in Japan and international standardization organizations.

So, the good news is that these scientists are finding ways to better protect us online in the future. The bad news is that they’ve proven even what was considered to be an unbreakable code can indeed be broken with enough time, computing power, and ingenuity.

While we wait for new and improved security measures to be enacted, we need to make the best of what we have now. Here are some links to articles that can help you find out how to do that.

The Security of Multi-Word Passphrases

Recovering A Hacked G-Mail Account

What To Do If Your LinkedIn Password Is Hacked

The Guide To Password Security (And Why You Should Care)
