I enjoyed reading your post. Long, complex passwords have become an essential security measure. I am an aspiring ethical hacker, and one of my hobbies is cracking hashed passwords. Ten years ago, cracking a nine-character upper and lower case alphanumeric password would have been highly improbable. Today you can grab an AWS p2.16xlarge instance for about fourteen dollars an hour for an on-demand instance, and if you're frugal and looking to crack passwords at scale, you could use spot instances and lower the cost for a p2.16xlarge to less than seven dollars an hour. The use of GPUs has lowered the time to crack a password from years to days and from days to minutes and seconds. Most people know that using a long alphanumeric password which contains upper and lowercase letters, numbers and special characters is a good idea. It's a good idea to avoid simple leet passwords like "H0use" because these sorts of passwords provide little in the way of extra security. A little-known fact is that the use of a ":" in your password makes it significantly harder to crack. The reason is that password cracking tools like hashcat use the colon as a delimiter for the split function (the colon delimiter is linked to the Unix /etc/passwd file's use of the colon to delimit fields), so a colon confuses the password cracker. Unfortunately, the colon is a common delimiter, and not all systems will allow its use.
