nion's blog

Don't use Googles password validation script

Posted by Nico Golde in
Monday, January 8. 2007

The Googlewatchblog shows how you can use Googles password test script to find
out how secure your own password is.

To use this, go to https://www.google.com/accounts/RatePassword?Passwd=

Ok thought I try it out with the password 'hgd', the result is funny, it says 4 (0 is the lowest security, 4 the highest).

Ok lets test this.

#include <unistd.h>
#include <stdio.h>
int main (void){
const char *pass="hgd";
const char *user="foo";
printf("%s:%s:2305:0:99999:7:::\n", user, crypt(pass,user));
return 0;
}

The code produces a basic shadow(3) line like we all have on our Linux installations with the crypted value of 'hgd'.



gcc pwd.c -lcrypt; ./a.out > file; sudo john file

Loaded 1 password (Standard DES [48/64 4K])

hgd              (foo)

guesses: 1  time: 0:00:00:06 (3)  c/s: 97211  trying: w9s - szs

sudo john file  5,42s user 0,04s system 90% cpu 6,046 total

Wow thats really a secure password!!!

Tested on my 2 years old notebook.
Ok google tests it for web applications and not for login data on your operating system but
this fact makes it even easier to gain access since every basic wordfile could brute force this.

I hope noone uses this script to test his passwords...

Comments (0) - Trackback (1)

Defined tags for this entry: google, passwords, tests

Related entries by tags:

(Page 1 of 1, totaling 1 entries)

Calendar

Quicksearch

Support

Follow @iamnion

=>my website

Entries from Monday, January 8. 2007

Don't use Googles password validation script

Calendar

Quicksearch

Support

Recent Entries

Archives

Syndicate This Blog

Categories

Tag cloud