a4apphack

How to choose a strong and secure password? The obvious answer is to choose a very long password and the next answer in the list is to include as much special characters as possible. But doing so would make it more difficult to remember and would even force us to jot it in postits.

But the ideal solution would be to choose a password which takes longer time to crack. Hackers can find someway to crack our password, all we have to make them try stronger and harder. Passwords are usually cracked using a method called as Bruteforce attack where a malicious tool tries to match all the type of password combination available against the target system. More complex the password is, more are the combinations to be tried and less probable it becomes for the tool to guess our password right.

This website, HowSecureIsMyPassword, gives us an idea on how long it takes to crack a password with a normal desktop PC. We can try various combinations, longer password/different character sets and analyze the results.

So as mentioned earlier we should choose a password which takes at least more than ‘a year’ to crack. This arbitrary value – ‘a year’ is based on the assumption that we would change our passwords once in every year so by the time the cracker obtains our password, we would have changed it

Read the rest of this entry »

RandomKeyGenerator site provides quickest way of securing our accounts – generates super strong passwords online. These passwords generated can be used for setting up the passwords from local system accounts to root admin accounts. Strong Passwords can help us to protect against any brute-force/dictionary attacks. Read more about how strong the passwords should be, here.

[Img Credit]

Type of Keys Generated with Random Key Gen

• Strong Passwords for local and webhost accounts
• Ft. Knox Passwords for admin accounts
• CodeIgniter Encryption Keys – 256bit keys
• 160-bit WPA Keys
• 540-bit WPA Keys
• 64-bit WEP Keys
• 128-bit WEP Keys
• 152-bit WEP Keys
• 256-bit WEP Keys

Read the rest of this entry »

Chrome is becoming popular among the developers due to its extended support for the upcoming web technologies. If these features of chrome can help the developers to dissect & analyse the newest web applications, so can it for security analysts. Firefox has become so popular among the security guys due to the availability of addons like WebDeveloper/Firebug which can aid them during their security assessments.

The extension Pendule is an attempt to reproduce the features of WebDeveloper Addon for firefox. Currently it doesn’t support all the features of WebDeveloper but expected to incorporate soon.

Pendule - Chrome Extension

Features

1. Form Manipulations

2. View Javascripts

3. Show Image Paths Inline

Download Pendule:

Many of us register with some interesting sites by submitting a userid, password and our emailid for verification. We also choose different passwords for different sites so as to make sure that our credentials are never compromised. Remembering passwords for a huge of sites would be a Herculean task. We might use offline password managers like Keepass, but if you are a person like me who work with multiple PC’s; then syncing those passwords created, would be a problem. So the best option would be to store passwords online and safely retrieve them whenever required. And we have Password++ …

Read the rest of this entry »

Firepassword is a tool which is used to enumerate the passwords saved in the Firefox password manager. This tool can be used to extract the credentials in plain text from the Firefox database and download it into a flat file for later use.
Read the rest of this entry »