
Echo Magazine Issue 14 Phile 0x002

Published in Echo Magazine · 4 years ago

  


echo|zine, issue 14

----------------------------[ Pseudo-random ]-----------------------------
--------------------------------------------------------------------------
-------------------------------[ anonymous ]-------------------------------


---// Human versus Machine: On a verification on password

While reading Bruce Schneier's blog post on Common password[1], from which
I quote the following:

From a list of 100,000 passwords for a German dating site, we learn
that 123456 works 1.4% of the time and that 2.5% of all passwords
begin with 1234.

I have some interesting experience with passwords of my own, especially
from penetration testing work. A few interesting things I found (taking
my most recent job as an example):

The commonly used password (more than 40%) is: [COMPANYNAME]123
for example: Perusahaanbapakgue123

This is understandable, since users usually have not been educated about
choosing passwords. But can the system not force users to choose a good
password? Of course it can; look at the example password I gave, which
contains a combination of digits and capital letters. The system has
certainly already checked that the password supplied by the user satisfies
the length, character type (alpha-numeric), and capital letter requirements.

What I have been wondering is whether, during the password selection
process, the system could intervene further?

What I mean is an extra validation procedure performed by the system,
such as doing the following:

1. Check whether the word the user uses as a password appears in a
dictionary list.

2. Perform an intensive check such as fast password cracking (with the
help of various tools, say John the Ripper, L0phtCrack, and others), and
if the password can be cracked within 30-60 seconds, the password
proposed by the user is rejected.

The idea I propose of course has side effects: processing a password change
takes longer, and the verification consumes CPU and memory.

But the idea is not a bad one, is it? :-)
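
The two extra checks proposed above, run at password-change time, as an added example that is not part of the original article. The wordlist, suffix rules, function names and the one-second budget (standing in for the article's 30-60 seconds) are assumptions made for illustration.

```python
import time

# Constructed sample data: a real deployment would load a large dictionary
# and add organisation-specific terms such as the company name.
WORDLIST = {"password", "welcome", "qwerty", "perusahaanbapakgue"}
SUFFIXES = ("", "1", "12", "123", "1234", "!", "2024")

def meets_composition(pw, min_len=8):
    """The rule set the article says systems already enforce."""
    return (len(pw) >= min_len
            and any(c.isdigit() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw))

def mangle(word):
    """Yield the case and suffix variants a fast guessing run tries first."""
    for base in (word, word.capitalize(), word.upper()):
        for suffix in SUFFIXES:
            yield base + suffix

def guessable(pw, budget_seconds=1.0):
    """True if pw is found by dictionary lookup or time-boxed rule guessing."""
    deadline = time.monotonic() + budget_seconds
    # Check 1: the candidate itself is a dictionary word.
    if pw.lower() in WORDLIST:
        return True
    # Check 2: rule-based guessing until the time budget is spent.
    for word in sorted(WORDLIST):
        for guess in mangle(word):
            if guess == pw:
                return True
            if time.monotonic() > deadline:
                return False
    return False

def validate(pw, budget_seconds=1.0):
    """Return the decision for a proposed new password."""
    if not meets_composition(pw):
        return "rejected: composition"
    if guessable(pw, budget_seconds):
        return "rejected: guessable"
    return "accepted"

if __name__ == "__main__":
    for candidate in ("Perusahaanbapakgue123", "short1A", "tR7#vexing-Lamp-quota9"):
        print(candidate, "->", validate(candidate))
```

A candidate that survives the budget has only resisted this wordlist and these rules for that long; the time box also caps the CPU cost the article lists as a side effect.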


---// References

1. Bruce Schneier, Common Password,
http://www.schneier.com/blog/archives/2006/05/common_password.html
