Brute Force Attack!

A last resort is to try every possible password, known as a brute force attack. In theory, a brute force attack will always be successful since the rules for acceptable passwords must be publicly known, but as the number of possible passwords increases very rapidly as the length of the password increases, this method is unlikely to be practical unless the password is relatively small. But, how small is too small? A common current length recommendation is 8 or more randomly chosen characters combining letters, numbers, and special (punctuation, etc) characters. Systems which limit passwords to numeric characters only, or upper case only, or, generally, which exclude possible password character choices make such attacks easier. Using longer passwords in such cases (if possible on a particular system) can compensate for a limited allowable character set. and, of course, even with an adequate range of character choice, users who ignore that range (using only upper case alphabetic characters, or digits alone, for instance) make brute force attacks much easier against those password choices.

Generic brute-force search techniques can be used to speed up the computation. But the real threat may be likely to be from smart brute-force techniques that exploit knowledge about how people tend to choose passwords. NIST SP 800-63 (2) provides further discussion of password quality, and suggests, for example, that an 8 character user-chosen password may provide somewhere between 18 and 30 bits of entropy, depending on how it is chosen. Note: This number is very far less than what is generally considered to be safe for an encryption key.

How small is too small thus depends partly on an attacker's ingenuity and resources (e.g., available time, computing power, etc.), the latter of which will increase as computers get faster. Most commonly used hashes can be implemented using specialized hardware, allowing faster attacks. Large numbers of computers can be harnessed in parallel, each trying a separate portion of the search space. Unused overnight and weekend time on office computers can also be used for this purpose.

The distinction between guessing, dictionary and brute force attacks is not strict. They are similar in that an attacker goes through a list of candidate passwords one by one; the list may be explicitly enumerated or implicitly defined, may or may not incorporate knowledge about the victim, and may or may not be linguistically derived. Each of the three approaches, particularly 'dictionary attack', is frequently used as an umbrella term to denote all the three attacks and the spectrum of attacks encompassed by them.

Ankit Talwar - Web Designer

Ankit Talwar is the owner of http://www.Dead-Yahoo.com. He is a Web Designer.

Learning More About Notebook Computers

A notebook computer is a portable personal computer that can be carried along and used almost anywhere, much like a notebook. The notebook computer typically weighs about 3 kilograms (6.6 pounds) and is small enough to fit into a briefcase. The notebook computer usually has all the functionality of a desktop, but is less powerful, more expensive, and greater portability.

The first notebook computer available commercially was introduced to the public in 1981 and was named the Osborne 1. This notebook computer was understandably bulkier than the ones we get to see these days. Nevertheless, this revolutionary notebook computer -- which did not run on battery power and had to be plugged in for AC power -- took the business world by storm because of its portability, a feature that is notably absent in the heftier desktops.

Then came the Compaq Portable first made public in 1983 and also ran on AC power rather than batteries. This first-ever IBM-compatible notebook computer proved to better than the IBM's own Portable Computer that was introduced a year later.

The GRiD Compass 1101, released in 1982, was a notebook computer in the true sense of the term. The brainchild of William Moggridge, this notebook computer had the typical clamshell design -- where the screen folds and shuts against the keyboard -- that is now practically the industry standard. This notebook computer was not IBM-compatible, ran on batteries and had a prohibitively high price tag. As one may guess, it was used by the specific few -- mainly the military and astronauts.

The Sharp PC-5000 and the Gavilan notebook computer, appearing in 1984, are also worthy of special mention. As a matter of fact, the Gavilan was the first notebook computer that was promoted as a laptop and had a cursor control device resembling a touch pad. Both had LCD screens and clamshell cases.

The notebook computer called Kyocera Kyotronic, first introduced in 1983, powered by AA batteries, was a huge commercial success largely because of its portability, battery life and low price.

The first true IBM-compatible notebook computer was the IBM PC Convertible, introduced in 1986 -- followed by Toshiba T1000 and T1200 in the following year. In 1989, Apple introduced the Macintosh Portable notebook computer.

From 1991 on, innovations initiated by the PowerBook series of Apple became standard features in the modern notebook computer. These include built-in features like touch pad, palm rest, Ethernet networking, trackball, and 256-color displays. Then followed the Thinkpad series of IBM, which was a very popular notebook computer.

Now almost an essential gadget in the business world, the notebook computer is here to stay.

Susan Miller writes for several web sites, including http://club-product.com and http://reviewssource.com.