Promise, posted July 19, 2009:

This is something I've been doing in my spare time, and before anyone jumps to conclusions, the research I did was based solely on whitehat morals. This basically means I try/use hacking software on test dummies for the sake of internet security.

So, this is the conclusion I've come to. If you use any ENGLISH word(s), regardless of whether you have numbers in your password, you are very, very vulnerable.

There are 3 main attacks a hacker will use: a dictionary attack, a hybrid attack, or a bruteforce attack. In Runescape, or any other major online game/website, your biggest worries are dictionary attacks and hybrid attacks. A dictionary attack will try the most commonly used word(s) in a password; if not cracked, it will begin to try every word in a word list you supply. (This is where you are at an advantage and I will explain later.) Hybrid attacks are the same as dictionary attacks, except numbers are added.

As a default, a loooot of these password cracking programs come with ENGLISH word lists that were copied from large dictionaries. My idea is this: use words from other languages. Hell, mix up words from different languages. I've never seen anyone use word lists from more than a single dictionary... assuming the target is a Runescape account. If it's anything more, then the hacker has bigger fish to fry...

For example, my password contains two Hawaiian words and one English word.

This is just something I thought I'd like to share with everyone.

Promise

I would like to add, do not use the same password for anything. So someone may not try to crack your password for Runescape first, maybe your AIM account, and then use that password and try it with your Runescape account.

AceSpitball, posted July 19, 2009:

Mine is like 25 lettered with Hebrew, Arabic, Persian, and Swedish mixed in. GOOD LUCK HACKERS LOL

Promise (author), posted July 19, 2009:

Well, I didn't talk about brute force attacks. Theoretically, any password can be cracked. All you need is time. The great thing is, it would be a waste of time and effort if you used it on Runescape.

Wongtong, posted July 19, 2009:

Do dictionary attackers just try single words? By single I mean words that are separate (e.g. 'cat' as opposed to 'catdog').

Surely combining more than one word and placing letters throughout the words, e.g. "c0ot1esf0rev3r", would be enough?

Promise (author), posted July 19, 2009:

> Do dictionary attackers just try single words? By single I mean words that are separate (e.g. 'cat' as opposed to 'catdog').
>
> Surely combining more than one word and placing letters throughout the words, e.g. "c0ot1esf0rev3r", would be enough?

It really just depends on the software and the hacker. Multiple words can be used, along with internet slang such as leet speak. But words that don't exist in any dictionary, combined with numbers, should be safe (against dictionary and hybrid attacks), assuming it's at least 6 digits.

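As an added example (not part of the thread or of any tool mentioned in it), a defender-side screen for the password classes discussed above: it flags a candidate that is made of one or more wordlist words, or becomes so once digit prefixes/suffixes are removed and leet substitutions are undone. The wordlists, the substitution table and the function names are constructed for illustration.

```python
import re

# Constructed sample wordlists; a real check would load full dictionaries.
ENGLISH = {"cat", "dog", "cooties", "forever", "dragon", "password"}
HAWAIIAN = {"aloha", "mahalo", "ohana"}

# Common leet substitutions, undone before the wordlist lookup.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def segment(text, words):
    """Split text into wordlist entries (word-break DP); None if impossible."""
    best = {0: []}                       # prefix length -> words covering it
    for end in range(1, len(text) + 1):
        for start in list(best):
            if text[start:end] in words:
                best[end] = best[start] + [text[start:end]]
                break
    return best.get(len(text)) if text else None


def screen(password, words):
    """Return (verdict, matched words) for a candidate password."""
    raw = password.lower()
    hit = segment(raw, words)
    if hit:
        return "dictionary", hit         # plain word or concatenated words
    # Hybrid forms: digits added at either end, and/or leet substitutions.
    core = re.sub(r"^\d+|\d+$", "", raw)
    for candidate in (core, core.translate(LEET), raw.translate(LEET)):
        hit = segment(candidate, words)
        if hit:
            return "hybrid", hit
    return "no wordlist match", []


if __name__ == "__main__":
    samples = ["catdog", "dragon123", "c0ot1esf0rev3r",
               "alohamahalo", "x7qv2mzk9t"]
    for pw in samples:
        print(pw, screen(pw, ENGLISH), screen(pw, ENGLISH | HAWAIIAN))
```

The verdict depends entirely on which wordlists are loaded: the constructed Hawaiian sample passes the English-only list and is flagged as soon as the Hawaiian list is included.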
DeeKay, posted July 19, 2009:

Kills me you keep calling these wannabes 'hackers'.

Talking Runescape, you can't do this sort of cracking on the RS servers (it'll most likely ban your IP after a few failed tries), and the likelihood of getting a hold of the files that actually have the hashes is in question as well.

Anyways, as mentioned, it's a bad idea having your password a dictionary word - because it takes half a second to compare the whole book to your pass - but random English letters are just fine. Just for the record, a 12-chars password consisting of English letters and numbers has 4,738,381,338,321,616,896 variations, plenty to cover any brute force attacks.

Promise (author), posted July 19, 2009:

> Kills me you keep calling these wannabes 'hackers'.
>
> Talking Runescape, you can't do this sort of cracking on the RS servers (it'll most likely ban your IP after a few failed tries), and the likelihood of getting a hold of the files that actually have the hashes is in question as well.
>
> Anyways, as mentioned, it's a bad idea having your password a dictionary word - because it takes half a second to compare the whole book to your pass - but random English letters are just fine. Just for the record, a 12-chars password consisting of English letters and numbers has 4,738,381,338,321,616,896 variations, plenty to cover any brute force attacks.

What should I call them then?

Yeah, you can't do these sorts of things on Runescape, but looooots of people use the same password for everything. But other websites they go on may be attacked with a hybrid attack.

You can definitely have a 12 random digit password, have fun looking for that tiny little piece of paper you wrote it on. IMO, my method seems more practical.

I should probably throw it in the OP not to use the same password.

RSBDavid, posted July 19, 2009:

This is great information for those who are less knowledgeable on hacking. Jagex put in place a limit on tries to get your password. I think after five tries, you have to wait to try again and eventually the account gets locked.

Promise (author), posted July 19, 2009:

If you haven't already, please read previous post. We don't have to hack a person's Runescape account to get their password.

Wizz, posted July 19, 2009:

I guess I'm safe: the first 5 characters are numbers and the rest are initials and special letters (I have a Spanish keyboard so I can use the letter ñ). Unless the person knows me they have absolutely no way to know the initials. (It's not my name but rather a mixture of the first letter of names and words.)

Hmm I have a 14 character password....

Mike_Ike111, posted July 19, 2009:

wizzkid785,

You basically gave away your password right there...

Dire_Wolf, posted July 19, 2009:

> This is something I've been doing in my spare time, and before anyone jumps to conclusions, the research I did was based solely on whitehat morals. This basically means I try/use hacking software on test dummies for the sake of internet security.
>
> So, this is the conclusion I've come to. If you use any ENGLISH word(s), regardless of whether you have numbers in your password, you are very, very vulnerable.

Interesting read. I liked it and I agree with you. Let's just hope there is not a genius hacker with a very advanced program out there... There is probably, but few, I bet.

Blingkachi50, posted July 19, 2009:

> wizzkid785,
>
> You basically gave away your password right there...

You have 1 of the 14 characters [wagon]. Good luck from there.

Big_Stingman, posted July 19, 2009:

It would suck if I got hacked. I am confident in my password, but in the event my RS account was hacked, I would just move on in life. It's just a game...

Promise (author), posted July 19, 2009:

>> This is something I've been doing in my spare time, and before anyone jumps to conclusions, the research I did was based solely on whitehat morals. This basically means I try/use hacking software on test dummies for the sake of internet security.
>>
>> So, this is the conclusion I've come to. If you use any ENGLISH word(s), regardless of whether you have numbers in your password, you are very, very vulnerable.
>
> Interesting read. I liked it and I agree with you. Let's just hope there is not a genius hacker with a very advanced program out there... There is probably, but few, I bet.

Well, let's put it this way. The technology is available, but a game isn't what they have in mind. Big targets are gambling websites, like during Super Bowl, Pro Bowl, and other big sporting events where lots of online gambling takes place.

x_bow80, posted July 19, 2009:

>> This is something I've been doing in my spare time, and before anyone jumps to conclusions, the research I did was based solely on whitehat morals. This basically means I try/use hacking software on test dummies for the sake of internet security.
>>
>> So, this is the conclusion I've come to. If you use any ENGLISH word(s), regardless of whether you have numbers in your password, you are very, very vulnerable.
>
> Interesting read. I liked it and I agree with you. Let's just hope there is not a genius hacker with a very advanced program out there... There is probably, but few, I bet.

Yeah there is, but no one with that advanced of a program would use it to hack Runescape accounts :lol:

My pass is a bunch of random numbers and letters :thumbup:

brunokiller, posted July 19, 2009:

I just think of a random sentence that means nothing and replace about half the letters with numbers (a.k.a. leetspeak). Easy to remember too.

D Jay99, posted July 19, 2009:

I have a 10 random letter/number password with the letters strategically spread over my keyboard so it's fast to type :P

Sir_Kurity, posted July 19, 2009:

> Mine is like 25 lettered with Hebrew, Arabic, Persian, and Swedish mixed in. GOOD LUCK HACKERS LOL

Cough keylogger. O.O

Returned3, posted July 19, 2009:

My password is only 7 characters long but I assure you that it is a mix of both numbers and a bunch of randomly selected alphabets. Can't remember how I managed to come up with that, but I definitely feel that it is safe.

Promise (author), posted July 19, 2009:

> I have a 10 random letter/number password with the letters strategically spread over my keyboard so it's fast to type :P

Depending on the software you download, the wordlist it comes with normally has basic to advanced keyboard patterns such as: qwerty, qzwxec, etc. So, don't make it too obvious.

D Jay99, posted July 19, 2009:

>> I have a 10 random letter/number password with the letters strategically spread over my keyboard so it's fast to type :P
>
> Depending on the software you download, the wordlist it comes with normally has basic to advanced keyboard patterns such as: qwerty, qzwxec, etc. So, don't make it too obvious.

Nah, they're still random, but I've composed it in such a way the letters/numbers switch between being on the left and on the right side of the keyboard.

bsmovies, posted July 19, 2009:

Thus my Runescape password isn't any English word. Or any particular pattern, just a random selection of letters and numbers I memorised ;)

Zaaps1, posted July 19, 2009:

Mine isn't a dictionary word in ANY language :lol:

Grogthurk, posted July 19, 2009:

25-digit number password that I'm not even sure what the numbers are.

C-C-COMBO on the numpad ;)