Passwords have to be stored on the computer or network so the OS can verify what is typed in. The secure way to do this is to never store an actual password, but instead a hashed version. So when a password is typed it is hashed by the computer and compared to the stored version. This way there is never a copy of the password that a hacker may find. The hashing programs work only in one direction, so a hashed password can't be unhashed.
This can be defeated by a dictionary attack. Every possible combination of characters is hashed and the password-hash pair stored. Then the hacker only has to retrieve the hashed password and look up the real password in the dictionary. This was once hard to do because it took so long to create the dictionary. But today such a dictionary only has to be created once and lookups can easily be made via the Web, often simply Googled. So isn't all the fuss to force us to make up long, complicated passwords and change them frequently, just a silly waste of time? What they call "security theater."
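The following is an added example, not part of the original post. It shows how storing a per-user random salt with a slow key-derivation function changes the precomputed-lookup scenario the post describes. The word list, function names and iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example
# Constructed sample word list standing in for a precomputed dictionary.
CONSTRUCTED_WORDLIST = ["password", "letmein", "qwerty", "dragon"]


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: same input always gives the same output."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> password once; reusable against every unsalted store."""
    return {unsalted_hash(w): w for w in words}


def store_password(password: str, salt: bytes = None):
    """Return (salt, digest) for storage; a fresh random salt per account."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def demo():
    table = build_lookup_table(CONSTRUCTED_WORDLIST)
    salt_a, digest_a = store_password("letmein")  # account A
    salt_b, digest_b = store_password("letmein")  # account B, same password
    return {
        # Unsalted record: the precomputed table recovers the password.
        "unsalted_found": table.get(unsalted_hash("letmein")),
        # Salted record: the same table has no matching entry.
        "salted_found": table.get(digest_a.hex()),
        # Two accounts with one password no longer share a stored value.
        "records_equal": digest_a == digest_b,
        "verify_ok": verify_password("letmein", salt_a, digest_a),
        "verify_wrong": verify_password("qwerty", salt_a, digest_a),
    }


if __name__ == "__main__":
    print(demo())
```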
