Following on from a recent article, The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time, I've been testing my password, which is similar to but not "F9JYrr&wr>n;=J`E" or the old wifi password at Cavern which was "wxc6kl876b97o7c".
wxc6kl876b97o7c - 13 days to crack.
F9JYrr&wr>n;=J`E - 1 year to crack
thenameofmygoldfishisjim - 15 centuries
You'll need a Tianhe-2 to get these cracking times.
How do your passwords stack up?
How secure is your password
dv8inpp wrote:
wxc6kl876b97o7c - 13 days to crack.
F9JYrr&wr>n;=J`E - 1 year to crack
thenameofmygoldfishisjim - 15 centuries

Don't underestimate the power of cryptographic hash collisions.
Bless
Lol
====================
Why are the gods such vicious cunts?
Where is the god of tits and wine?
It would not matter for pass-the-hash style of attacks. Anyway, no matter how much security you implement, there are always ways around it.
What are you testing your passwords with?
Please tell us it is some random online website.
If I'd set up a site like that I would ask for your Facebook and/or e-mail address to send the results to.
Let's see how many accounts we gain access to after a month.
Some dodgy Russian site. Pretty sure they have no idea about security. Probably just phishing.
But at least they are Klingon friendly
CHAW’ NGOQ DALO’BOGH YIGHITLHQO’
GHOJMOH NEH JANVAM NET HECH. — CHAW’ NGOQMEYLIJ POLBE’ ’EJ BOSBE’ KASPERSKY QULPA’.
dv8inpp wrote:
Following on from a recent article, The Guy Who Invented Those Annoying Password Rules Now Regrets Wasting Your Time, I've been testing my password, which is similar to but not "F9JYrr&wr>n;=J`E" or the old wifi password at Cavern which was "wxc6kl876b97o7c".
wxc6kl876b97o7c - 13 days to crack.
F9JYrr&wr>n;=J`E - 1 year to crack
thenameofmygoldfishisjim - 15 centuries
You'll need a Tianhe-2 to get these cracking times.
How do your passwords stack up?

Well, if the cracking algorithm also uses a dictionary, 'thenameofmygoldfishisjim' will be cracked in 15 minutes rather than 15 centuries.
four word password dictionary attack in 4 days or less
You are right that using only 4 lower case words is not that good, but at the same time using more words does significantly increase cracking time. Also, capitalizing adds significant time.
dv8, the speed depends on the hash algorithm. NIST standard algorithms are deliberately made slower with each iteration due to Moore's law, and more recently CUDA. MD5 is faster to calculate than SHA256, for example. See oclhashcat for reliable real life benchmarks.
Keep in mind that these attacks are against the cryptographic hashsum; it is not a bruteforce attack against e.g. a login form. In order to retrieve the hashsum the adversary must already have read access to the database where they are stored. Usually when such access exists, an attacker has write access to the software that performs those calculations. An attacker can simply modify such software to store passwords for successful logins in plaintext. That way an attacker retrieves your plaintext password the next time you log in regardless of character entropy and so called "password strength", because hashing mechanisms need the plaintext to perform the hashing calculations.
The gist is to use unique passwords per service. Whether intrusions happen or not depends on the developer of the software, not the user. Guard yourself with unique passwords per service.
Bless
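The two variables discussed in this thread, shown together as an added example that is not part of any post: the search space depends on whether a passphrase is modelled as characters or as dictionary words, and the guess rate depends on the hash algorithm. The 10,000-word list, the 100,000 PBKDF2 iterations and the salt are assumptions, and the rates are single-core Python measurements on the local machine, not GPU benchmarks.

```python
import hashlib
import time

SALT = b"constructed-salt"    # constructed value for this demo
PBKDF2_ITERATIONS = 100_000   # assumed work factor, not taken from the thread

def keyspace_bruteforce(password: str) -> int:
    """Candidates when every string of this length over the character classes used is tried."""
    alphabet = 0
    alphabet += 26 if any(c.islower() for c in password) else 0
    alphabet += 26 if any(c.isupper() for c in password) else 0
    alphabet += 10 if any(c.isdigit() for c in password) else 0
    alphabet += 33 if any(not c.isalnum() for c in password) else 0  # printable ASCII symbols
    return alphabet ** len(password)

def keyspace_wordlist(n_words: int, wordlist_size: int) -> int:
    """Candidates when the passphrase is treated as n_words drawn from a word list."""
    return wordlist_size ** n_words

def fast_hash(candidate: bytes) -> bytes:
    """One unsalted SHA-256 pass: cheap to verify, cheap to guess against."""
    return hashlib.sha256(candidate).digest()

def slow_hash(candidate: bytes) -> bytes:
    """Salted, iterated KDF: each guess costs PBKDF2_ITERATIONS HMAC rounds."""
    return hashlib.pbkdf2_hmac("sha256", candidate, SALT, PBKDF2_ITERATIONS)

def guesses_per_second(hash_fn, budget: float = 0.2) -> float:
    """Measure how many candidates per second hash_fn processes on this machine."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < budget:
        hash_fn(b"candidate-%d" % count)
        count += 1
    return count / (time.perf_counter() - start)

def years_to_exhaust(keyspace: int, rate: float) -> float:
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace / rate / (365 * 24 * 3600)

if __name__ == "__main__":
    phrase = "thenameofmygoldfishisjim"
    models = {"character brute force": keyspace_bruteforce(phrase),
              "6 words from 10k list": keyspace_wordlist(6, 10_000)}
    for hash_name, fn in (("SHA-256", fast_hash), ("PBKDF2", slow_hash)):
        rate = guesses_per_second(fn)
        for model, space in models.items():
            print(f"{hash_name:8} {model:24} {years_to_exhaust(space, rate):.3g} years")
```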
You mean the pw equivalent to burner phones? Who's doing that in real life?
I have basic passwords for stuff that's not important, expedia, khmer440 etc and then it jumps up to upper/lower case, different symbols and letters.
13##@&()ballsup2
pew, pew, pew, pew!