Whether it be full disk encryption, PGP, Veracrypt containers, or any other way to encrypt a file or a message, you need a good password to protect it. This is especially important when protecting sensitive information. Without a good password, you don’t have good encryption, period.
Let’s take AES-256 for instance: a 256-bit key is absolutely massive. How massive? Well, the way to calculate this is to raise 2 to the 256th power (try to do that in your head). Calculated out, this number looks like this:
If you’re not a nerd, this means nothing to you, so let’s bring it back down to human level. You have that many possible combinations in an encryption key, which is an obnoxious amount, but the password you use to protect that key becomes the weak point. It is very uncommon for anyone to attack the encryption cipher itself, because its key space is so massive; instead, attackers use dictionary lists to go after passwords. A dictionary list is simply a list of the most common passwords that an attacker tries against whatever it is you are trying to protect.
What’s in a Password?
Let’s take the most commonly hacked passwords of 2017 as compiled by SplashData:
On this list, we have common names, number sequences and trending topics. These, or any permutations of them, are going to get hacked in less than an hour. Compare this list to the top 100 passwords in the most used dictionary list in the world, rockyou.txt, and you will see many similarities.
If you compare these lists, you see that they intersect in many places. If an attacker were using this list to break a common password, it would take them less than a second to get through the first few hundred entries (depending on hardware, type of hash, software used, etc.).
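To make the gap between key space and password space concrete, here is an added example (not from the original post) of a small password check: it flags passwords that are entries from a common-password list or simple permutations of them (case changes, trailing digits or symbols, leet substitutions), estimates the brute-force search space of everything else, and works out how many random characters it takes to match a 256-bit key. The embedded word list is a constructed sample in the style of the top of rockyou.txt, not the real file.

```python
import math
import re

# Constructed sample, not the real file: the kind of entries found at the top
# of common-password lists such as rockyou.txt.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "123456789", "letmein",
    "football", "iloveyou", "admin", "welcome", "monkey", "login",
}

# Leet substitutions attackers routinely apply to a dictionary word; undoing
# them lets "p@ssw0rd" be recognised as a permutation of "password".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s"})

AES_KEY_BITS = 256          # key size the post uses as its yardstick
PRINTABLE_ASCII = 95        # size of the full printable character set


def is_dictionary_permutation(password: str) -> bool:
    """True if the password is a common word or a trivial mangling of one."""
    lower = password.lower()                      # "Password1!" -> "password1!"
    stripped = re.sub(r"[^a-z]+$", "", lower)     # drop trailing digits/symbols
    leet = stripped.translate(LEET)               # "p@ssw0rd" -> "password"
    return any(c in COMMON_PASSWORDS for c in (lower, stripped, leet))


def brute_force_bits(password: str) -> float:
    """Search space in bits if the attacker knows only the character classes used."""
    charset = 0
    charset += 26 if re.search(r"[a-z]", password) else 0
    charset += 26 if re.search(r"[A-Z]", password) else 0
    charset += 10 if re.search(r"[0-9]", password) else 0
    charset += 33 if re.search(r"[^a-zA-Z0-9]", password) else 0
    return len(password) * math.log2(charset) if charset else 0.0


def chars_needed(bits: int, charset_size: int) -> int:
    """Random characters from a charset needed to reach a given key size."""
    return math.ceil(bits / math.log2(charset_size))


def assess(password: str) -> tuple[float, str]:
    """Return (effective bits, verdict) for a candidate password."""
    if is_dictionary_permutation(password):
        # A dictionary hit costs the attacker roughly log2(list size) guesses,
        # no matter how large the cipher's key space is.
        return math.log2(len(COMMON_PASSWORDS)), "dictionary permutation: cracked in seconds"
    bits = brute_force_bits(password)
    return bits, "brute force only" if bits >= 80 else "too short to resist brute force"
```

Running `chars_needed(AES_KEY_BITS, PRINTABLE_ASCII)` shows that even a random printable-ASCII password needs 39 characters before the password space is as large as the key it protects.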
The Solution to Your Terrible Password
So what’s the solution to this? A password manager is a perfect first step, both for organizing passwords and for generating long, random, hard-to-crack ones. We’ve talked about password managers a lot in the past, so there’s no need to reiterate; check out our past articles. Another solution is to invest in something like the OnlyKey, a hardware password manager; more details on that here.
Questions, Comments, Concerns?
Let us know what you think below!