How secure is your password? Who wins?!

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Toggle sidebar Toggle sidebar
Jeff7

Jeff7

Lifer
Jan 4, 2001
41,596
20
81
Anywhere from 4 days to 4 octillion years.


Fun thing there - a password that's all the same character with the exception of one of them (55555555555555555a55555) or (___________k___________) is reasonably secure.

It definitely favors longer passwords though.


OCGuy said:
Make sure you put in your SSN too.

It isnt as secure as you think:

http://www.pcpro.co.uk/blogs/2011/0...-could-crack-your-password-in-under-a-second/

The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second"
Click to expand...
o_O
I guess we didn't need to get all the way to quantum computers to make conventional security methods useless.
 
Last edited:
lxskllr

lxskllr

No Lifer
Nov 30, 2004
60,056
10,546
126
illusion88 said:
Hmmm... you are giving someone an ip address along with a string of charecters... I wonder what the super hacker behind it will do with it?
Click to expand...

The guy who owns the site suggested he could make a cake with them :^D
 
PottedMeat

PottedMeat

Lifer
Apr 17, 2002
12,363
475
126
hmm
----------------------------------------- = instantly
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa = About 7 septendecillion years
 
SMOGZINN

SMOGZINN

Lifer
Jun 17, 2005
14,359
4,640
136
Jeff7 said:
Anywhere from 4 days to 4 octillion years.


Fun thing there - a password that's all the same character with the exception of one of them (55555555555555555a55555) or (___________k___________) is reasonably secure.

It definitely favors longer passwords though.
Click to expand...

Right, I tried a password that was just the number 1 repeated 32 times and it tells me "About 12 quintillion years" all it seems that at least with long passwords length is much more important then content.

illusion88 said:
Hmmm... you are giving someone an ip address along with a string of charecters... I wonder what the super hacker behind it will do with it?
Click to expand...

Maybe build a better hacker dictionary?
 
vshah

vshah

Lifer
Sep 20, 2003
19,003
24
81
It would take
About 22 septillion years
for a desktop PC to crack your password
 
yh125d

yh125d

Diamond Member
Dec 23, 2006
6,886
0
76
9 days. Not bad for a password that only qualifies the bare minimum for many sites (8 characters, 1 capital and 1 letter minimum)
 
vshah

vshah

Lifer
Sep 20, 2003
19,003
24
81
OCGuy said:
Make sure you put in your SSN too.

It isnt as secure as you think:

http://www.pcpro.co.uk/blogs/2011/0...-could-crack-your-password-in-under-a-second/

The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second"
Click to expand...

what well designed system is going to respond to billions of password requests per second? most shut down after just a few incorrect tries.
 
Nintendesert

Nintendesert

Diamond Member
Mar 28, 2010
7,761
5
0
vshah said:
what well designed system is going to respond to billions of password requests per second? most shut down after just a few incorrect tries.
Click to expand...


That's not how it's done. They get the hash and attempt to crack that not randomly putting passwords into a login server. Granted this can be very difficult with properly salted hashes and those not using outdated encryption methods and this is part of the problem with what happened to Sony. They didn't even do that much. It was stored in plain text.

All everyone is doing by putting real passwords into that website is building a better dictionary.
 
GoodRevrnd

GoodRevrnd

Diamond Member
Dec 27, 2001
6,801
581
126
wow 10 days and i thought my pw was pretty good as there are no dictionary words. seems like length matters more than anything. "thisismypassword" takes 5mil years.
 
lxskllr

lxskllr

No Lifer
Nov 30, 2004
60,056
10,546
126
Nintendesert said:
All everyone is doing by putting real passwords into that website is building a better dictionary.
Click to expand...

As opposed to just making shit up like most people do with their passwords, and can be easily replicated by a computer?
 
T

Turin39789

Lifer
Nov 21, 2000
12,218
8
81
Length is all that matters.

It claims

fartcanexhaustsarereallyfuckingloud

would take 4 decillion years. No caps or special characters!
 
blackangst1

blackangst1

Lifer
Feb 23, 2005
22,902
2,359
126
I have two main passwords...one for general stuff (email, websites, etc) and one more complex for my Truecrypt partition.

Honestly, I dont feel secure typing my passwords on a non-encrypted site who's owner lives in the UK. So I dont have an answer :p
 
Nintendesert

Nintendesert

Diamond Member
Mar 28, 2010
7,761
5
0
lxskllr said:
As opposed to just making shit up like most people do with their passwords, and can be easily replicated by a computer?
Click to expand...



Starting from a list of known used passwords is more valuable than starting off with random nonsense. There are some that are used over and over again by people, dictionaries start there. The whole 1qaz2wsx!QAZ@WSX shit is tried well before any random keyboard pounding because someone out there does have to remember it. People have patterns, even collectively. You all are helping create and establish a pattern that people can use to exploit.
 
M

Merad

Platinum Member
May 31, 2010
2,586
19
81
Seriously, does no one know how to view source? It's a simple javascript calculation, running on your machine.
 
FoBoT

FoBoT

No Lifer
Apr 30, 2001
63,084
15
81
fobot.com
duck_hunt_dog_laughing.gif

About 6 duodecillion years
 
Last edited:
lxskllr

lxskllr

No Lifer
Nov 30, 2004
60,056
10,546
126
Nintendesert said:
Starting from a list of known used passwords is more valuable than starting off with random nonsense. There are some that are used over and over again by people, dictionaries start there. The whole 1qaz2wsx!QAZ@WSX shit is tried well before any random keyboard pounding because someone out there does have to remember it. People have patterns, even collectively. You all are helping create and establish a pattern that people can use to exploit.
Click to expand...

You're grasping at straws. Assuming the site was harvesting passwords, they'd still have exactly nothing for the effort.
 
silverpig

silverpig

Lifer
Jul 29, 2001
27,703
12
81
Merad said:
Seriously, does no one know how to view source? It's a simple javascript calculation, running on your machine.
Click to expand...

I was initially skeptical too until I figured this out too.

Of course I'm no internet pro so maybe some guy managed to figure out a way to get my password anyways, but it seems to me it all is run locally.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom