
How secure is your password? Who wins?!

Page 3 - Seeking answers? Join the AnandTech community: where nearly half-a-million members share solutions and discuss the latest tech.
Anywhere from 4 days to 4 octillion years.


Fun thing there - a password that's all the same character with the exception of one of them (55555555555555555a55555) or (___________k___________) is reasonably secure.

It definitely favors longer passwords though.


Make sure you put in your SSN too.

It isn't as secure as you think:

http://www.pcpro.co.uk/blogs/2011/0...-could-crack-your-password-in-under-a-second/

"The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second"
😵
I guess we didn't need to get all the way to quantum computers to make conventional security methods useless.
 
hmm
----------------------------------------- = instantly
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa = About 7 septendecillion years
 
Anywhere from 4 days to 4 octillion years.


Fun thing there - a password that's all the same character with the exception of one of them (55555555555555555a55555) or (___________k___________) is reasonably secure.

It definitely favors longer passwords though.

Right, I tried a password that was just the number 1 repeated 32 times and it tells me "About 12 quintillion years" all it seems that at least with long passwords length is much more important than content.

Hmmm... you are giving someone an IP address along with a string of characters... I wonder what the super hacker behind it will do with it?

Maybe build a better hacker dictionary?
 
9 days. Not bad for a password that only qualifies the bare minimum for many sites (8 characters, 1 capital and 1 letter minimum)
 
Make sure you put in your SSN too.

It isn't as secure as you think:

http://www.pcpro.co.uk/blogs/2011/0...-could-crack-your-password-in-under-a-second/

"The results are startling. Working against NTLM login passwords, a password of “fjR8n” can be broken on the CPU in 24 seconds, at a rate of 9.8 million password guesses per second. On the GPU, it takes less than a second at a rate of 3.3 billion passwords per second"

what well designed system is going to respond to billions of password requests per second? most shut down after just a few incorrect tries.
 
what well designed system is going to respond to billions of password requests per second? most shut down after just a few incorrect tries.


That's not how it's done. They get the hash and attempt to crack that, not randomly putting passwords into a login server. Granted, this can be very difficult with properly salted hashes and those not using outdated encryption methods, and this is part of the problem with what happened to Sony. They didn't even do that much. It was stored in plain text.

All everyone is doing by putting real passwords into that website is building a better dictionary.
 
Wow, 10 days, and I thought my pw was pretty good as there are no dictionary words. Seems like length matters more than anything. "thisismypassword" takes 5mil years.
 
Length is all that matters.

It claims

fartcanexhaustsarereallyfuckingloud

would take 4 decillion years. No caps or special characters!
 
I have two main passwords...one for general stuff (email, websites, etc) and one more complex for my Truecrypt partition.

Honestly, I don't feel secure typing my passwords on a non-encrypted site whose owner lives in the UK. So I don't have an answer 😛
 
As opposed to just making shit up like most people do with their passwords, and can be easily replicated by a computer?



Starting from a list of known used passwords is more valuable than starting off with random nonsense. There are some that are used over and over again by people, dictionaries start there. The whole 1qaz2wsx!QAZ@WSX shit is tried well before any random keyboard pounding because someone out there does have to remember it. People have patterns, even collectively. You all are helping create and establish a pattern that people can use to exploit.
 
Seriously, does no one know how to view source? It's a simple javascript calculation, running on your machine.
 
duck_hunt_dog_laughing.gif

About 6 duodecillion years
 
Starting from a list of known used passwords is more valuable than starting off with random nonsense. There are some that are used over and over again by people, dictionaries start there. The whole 1qaz2wsx!QAZ@WSX shit is tried well before any random keyboard pounding because someone out there does have to remember it. People have patterns, even collectively. You all are helping create and establish a pattern that people can use to exploit.

You're grasping at straws. Assuming the site was harvesting passwords, they'd still have exactly nothing for the effort.
 
Seriously, does no one know how to view source? It's a simple javascript calculation, running on your machine.

I was initially skeptical too until I figured this out too.

Of course I'm no internet pro so maybe some guy managed to figure out a way to get my password anyways, but it seems to me it all is run locally.
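
The arithmetic this thread is arguing about, as an added example that is not the site's code or any poster's: a naive brute-force estimate using the NTLM guess rates quoted from PC Pro, next to a check for the structure that such an estimate ignores. The alphabet sizes, the `KNOWN` list and all function names are assumptions made for illustration.

```javascript
// Added example; names, alphabet sizes and the KNOWN list are assumptions.
// Rates are the NTLM guesses-per-second figures quoted in the thread.
const RATES = { cpu: 9.8e6, gpu: 3.3e9 };

// Constructed stand-in for a reused-password list (the thread's own example).
const KNOWN = ["1qaz2wsx!qaz@wsx"];

// Character classes a naive estimator assumes the attacker must cover.
const CLASSES = [
  [/[a-z]/, 26], [/[A-Z]/, 26], [/[0-9]/, 10], [/[^a-zA-Z0-9]/, 33],
];

// Alphabet size implied by the classes present in the password.
function alphabetSize(pw) {
  return CLASSES.reduce((n, [re, size]) => n + (re.test(pw) ? size : 0), 0);
}

// Worst-case seconds to exhaust alphabet^length at a given offline rate.
function naiveSeconds(pw, rate) {
  return Math.pow(alphabetSize(pw), pw.length) / rate;
}

// Structure that a length-times-alphabet model gives full credit for.
function weaknesses(pw, known = KNOWN) {
  const found = [];
  if (known.includes(pw.toLowerCase())) found.push("known-password");
  if (new Set(pw).size <= 2) found.push("repeated-character");
  if (/^(.+?)\1+$/.test(pw)) found.push("repeated-block");
  return found;
}

// Combine both views so a large number is never reported without its caveats.
function assess(pw) {
  return {
    alphabet: alphabetSize(pw),
    cpuSeconds: naiveSeconds(pw, RATES.cpu),
    gpuSeconds: naiveSeconds(pw, RATES.gpu),
    weaknesses: weaknesses(pw),
  };
}

// Inputs taken from the thread.
for (const pw of ["fjR8n", "1".repeat(32), "55555555555555555a55555",
                  "1qaz2wsx!QAZ@WSX"]) {
  console.log(pw, assess(pw));
}
```

With these assumptions "fjR8n" exhausts in under a second at the quoted GPU rate, while the 32-digit password scores around 10^22 seconds despite being flagged as a single repeated character.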
 