Tests and quizzes creation with UniTest System software. Web Design. Software Development. Language Translation ...

Table of Contents
Security Overview
Tests and Test Results Protection
UniTest Starter
UniTest Direct

 Online Help System: UniTest System

Security Overview

If you have the information
then you have someone who needs it

History has many examples of people using encryption to protect their data. Even the ancient Egyptians used encryption to protect important information. But there always were cases, in which someone wanted to get this information illegally.

Attack: Algorithm Weakness

Currently we use advanced, mathematically checked methods to protect our information - but algorithm weakness is still rampant.

Many algorithm analyzers work to reveal encryption algorithms weakness. For example, after analyzing the DES encryption algorithm (DES was the main encryption standard for more than 20 years) specialists found that DES is vulnerable to some attack types.

Currently only few encryption standards are equipped with strong algorithms. Among them are:

  1. Blowfish (Bruce Schneier)
  2. IDEA (Xuejia Lia and James Massey)
  3. RC5/RC6 (Ron Rivest)
  4. GOST (Group of Russian scientists)

Attack: By the "Brute Force" method.

In our days of powerful and exponentially fast improving computer technologies, a "brute force" attack becomes the first (and sometimes the only) method available to crack passwords.

Cuurently we have developed very advanced encryption algorithms and algorithm weakness is not as common as it was before. But here comes "brute force".

The main idea of the "brute force" method is to search for a password by trying to use all possible passwords combinations. So this method tries to directly select the unique correct password from all possible (hence its "brute force" name).

The main limitation of this method is password length. The longer the password, the more combinations it has.

For example, to find any 4-character password that contains only English letters and numbers (from 0 to 9) you need to try only (26 letter + 10 numbers)^(4 characters) =1679616 possible combinations. This requires only a few seconds on a Pentium III computer; no special devices are required, which makes this work even faster.

But to find any 6-character password you need to try (26+10)^6 = 2176782336 possible combinations or approximately 38880 seconds (10 hours and 48 seconds). To find 7-character password you need to try 78364164096 combinations or 16 days and 5 hours. To find 8-character password you need to try 2821109907456 combinations or 583 days and 5 hours. And for 9-character password it's 57,5 years!

Now let's say we use not only letters in lower case but in upper case too (24 letters in lower case plus 24 in upper case). This way we'll get 4206,8 years for cracking a 9-character password!

Now you can see clearly the way to overcome eventual "brute force" risks for your data security:
Password length (in characters) 26+10=36 used letters 26+26+10=62 used letters
6 10 h. 48 min. 11 days 17 h.
7 16 days 5 h. 2 years
8 583 days 5 h. 123,6 years
9 57,5 years 7667 years
10 2070,7 years 475,3 millenniums

Of course, here we do not stress technology progress but the picture is quite clear.

However, there are two big BUTs:

  1. This is the time required to move through all possible combinations, i.e. the maximum number of combinations you may need to try to get the correct password. But your password might be somewhere in the middle, in which case your passport will be cracked in only half of the abovementioned time.
  2. And even more important, a sophisticated cracker only needs only the 100-th part of that time to get your password, because almost everyone select their passwords for easy-to-remember but not for hard-to-break characteristics.

For example, if you think that if you'll decide to protect your data with the "supervisor" (10 characters) password, that password will be cracked not after thousands of years, but in a minute. Because first of all the cracker will compare your password with recently used passwords lists. Usually it's a very big dictionary of frequently used passwords, that will be checked in a few minutes, because even a very big dictionary has 150 000 - 300 000 words (i.e. combinations).

Also, it won't be hard to break "supervisor274" password because usually number combinations before and after word are checked automatically too. Nevertheless, the added numerals contribute to your original password.

That's why you need to select your password carefully. There are some common rules to make your password stronger.

Password Security Requirements

  1. Your password must have at least 8 (or better more than 8) characters
  2. Your password must not include names or existing words in any common language, your credit card number (at least the public part of that number), street names, phone numbers, etc. But it's possible to include in password any private data only you know about.
  3. In a password it's better to use as many different characters as possible. Characters variety is almost as important as password length. To do this you can use lower and upper letters case, numbers and other characters (!"?;%:?*()_+/@#$%...).

For better security it's recommended to change password at least once in a quarter.

Encryption Algorithm Used in UniTest System

UniTest System uses 448-bit Blowfish - proved enterprise strength encryption standard (see UniTest System Tests and Test Results Protection).


See Also:

UniTest System Tests and Test Results Protection

Home :: News :: Products :: Services :: Support :: Feedback :: About