I think I’m in danger of turning my journal into a geek box or something.
Yesterday’s class was on packet fetching, as I laid my hands on Ethereal. I did some monitoring of outgoing and incoming packets, and I noticed that as long as a particular site is not secured (not necessarily a bogus site, but one that does not protect data and information using things like SSL), things can be pretty scary. For example, I tracked my communication with Friendster and noticed that my username and password were sent in plaintext (again):
Of course I had my password covered, but what you would notice is that the username (the email address) was sent over the channel in plaintext form, and it was the same for the password. Mind you, Friendster isn’t the only site that sends the username and password in plaintext form. If your data packet somehow gets intercepted by some evil people, then God knows what might happen to your account.
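To make the point above concrete from the defender’s side, here is an added example (my own illustration, not code from the original post or from Ethereal) that takes the text of a captured HTTP login request and reports which credential-looking form fields went over the wire unencrypted. The request, the hostname, the path and the field values are constructed for this example; the list of credential field names is an assumption you would tune for your own applications.

```python
import re
from urllib.parse import parse_qs

# Constructed sample of a captured HTTP request, standing in for what a
# packet sniffer shows for a login form submitted over plain HTTP.
# Host, path and values are made up for this example.
SAMPLE_REQUEST = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: www.example-social-site.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 52\r\n"
    "\r\n"
    "email=alice%40example.test&password=hunter2&next=%2F"
)

# Form field names that commonly carry credentials (assumed list; extend it).
CREDENTIAL_FIELDS = {"password", "passwd", "pass", "pwd",
                     "username", "user", "email", "login"}


def parse_http_request(raw):
    """Split a raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def mask(value):
    """Keep only the first two characters so the report does not repeat the secret."""
    return value[:2] + "*" * max(0, len(value) - 2)


def find_plaintext_credentials(raw, scheme="http"):
    """Return findings for credential-looking fields in an unencrypted form POST.

    `scheme` is the transport the capture came from; a session captured over
    HTTPS is already encrypted on the wire, so there is nothing to flag.
    """
    if scheme != "http":
        return []
    method, path, headers, body = parse_http_request(raw)
    if method != "POST":
        return []
    ctype = headers.get("content-type", "")
    if not ctype.startswith("application/x-www-form-urlencoded"):
        return []
    fields = parse_qs(body, keep_blank_values=True)
    findings = []
    for name, values in fields.items():
        if name.lower() in CREDENTIAL_FIELDS:
            findings.append({
                "host": headers.get("host", "?"),
                "path": path,
                "field": name,
                "value_masked": mask(values[0]),
            })
    return findings


if __name__ == "__main__":
    for f in find_plaintext_credentials(SAMPLE_REQUEST):
        print(f"{f['host']}{f['path']}: field '{f['field']}' "
              f"sent in the clear ({f['value_masked']})")
```

Run against the constructed request it flags the `email` and `password` fields; fed the same request with `scheme="https"` it reports nothing, which is exactly the difference the post is describing: the site, not the sniffer, decides whether the login is readable.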
And then my password was apparently cracked by LC5 using brute force attack:
I ran LC5 all over again yesterday from the start, and it took the program less than 5 hours to crack it. And mind you, my password was a combination of letters and numbers! However, for the HelpAssistant account, apparently even brute force can’t crack it, as the scan completed without deciphering the entire password:
So what it means is that for a password to be relatively secure, it should be long enough for you to remember, and hard enough for the cracker to crack. Furthermore, one lesson I took from yesterday’s class was that there is actually no completely secure password per se; instead, a so-called secure password is just one that a cracker would spend a long time trying to crack and would in the end give up on. If a cracker is intent on cracking a password, he will do so anyway. So picking a password that would probably take the cracker too long to crack is probably the best option of all.
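The “long enough and hard enough” lesson comes down to keyspace size, and it is easy to put numbers on it. The following is an added example (mine, not from the post and not how LC5 works internally) that computes the keyspace, the entropy in bits, and the expected time an exhaustive search would need for several character sets and lengths. The character-set sizes and the guess rate of ten million guesses per second are assumptions for illustration, not measurements from the post.

```python
import math

# Character-set sizes used for the estimates (assumptions for this example).
CHARSETS = {
    "digits": 10,
    "lowercase": 26,
    "lowercase+digits": 36,
    "mixed-case+digits": 62,
    "mixed-case+digits+symbols": 94,
}

# Assumed attacker speed; real figures depend on hash type and hardware.
ASSUMED_GUESSES_PER_SECOND = 10_000_000


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def entropy_bits(charset_size, length):
    """Entropy of a password chosen uniformly at random from the keyspace."""
    return length * math.log2(charset_size)


def expected_crack_seconds(charset_size, length, guesses_per_second):
    """Expected time for an exhaustive search: on average half the keyspace
    is tried before the right password comes up."""
    return keyspace(charset_size, length) / 2 / guesses_per_second


def human_time(seconds):
    """Render seconds as the largest convenient unit."""
    units = [("years", 365 * 86400), ("days", 86400), ("hours", 3600),
             ("minutes", 60), ("seconds", 1)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.3f} seconds"


def compare(guesses_per_second=ASSUMED_GUESSES_PER_SECOND, lengths=(6, 8, 10, 12)):
    """Return rows of (charset name, length, entropy bits, expected seconds)."""
    rows = []
    for name, size in CHARSETS.items():
        for n in lengths:
            rows.append((name, n, round(entropy_bits(size, n), 1),
                         expected_crack_seconds(size, n, guesses_per_second)))
    return rows


if __name__ == "__main__":
    for name, n, bits, secs in compare():
        print(f"{name:>26} x{n:2d}  {bits:5.1f} bits  ~{human_time(secs)}")
```

Two things fall out of the table that the post only hints at: adding one character multiplies the search time by the size of the character set, and a twelve-character lowercase password has a larger keyspace than an eight-character one drawn from the full printable set, which is why length is the cheaper way to buy time against brute force.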
OK, before I get too geeky, I’d better get out of here.