Hackers crack 16-character passwords in less than an HOUR

Discussion in 'privacy general' started by Seven64, May 28, 2013.

Thread Status:
Not open for further replies.
  1. Seven64

    Seven64 Guest

  2. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    98,077
    Location:
    U.S.A.
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    That's an excellent article, well worth reading, but let's not misinterpret the results by falling for the sensationalist heading at the top of the page. The crackers were not cracking 16-character random passwords.

    The 16-character password 'qeadzcwrsfxv1331' is not even vaguely random, since the first 12 characters follow a simple keyboard pattern that was bound to be tested.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Agree. Good article, and I picked up a tip or two. But those really were BAD passwords. Unfortunately, all I'm seeing people post is "All Passwords Can Be Cracked!" all over the place now. They must have missed the part where one guy says that in corporate environments with a good policy...they get nothing.

    PD
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Yeah, as I was saying here:

    As long as you use a good cipher with proper implementation and a strong passphrase, they can try 350 billion guesses per second, and it would still take them tens of thousands of years to brute-force [a known/tested algorithm like (probably) any of the AES finalists.]

    A fun little tool (and by tool, I mean an Excel spreadsheet with formulas included) can be found here. Look for the link at the bottom "BruteForce Attack Time Estimator".

    As the instructions mention though (be sure to read those), you need to be careful when using a calculator like this. Password-guessing software can be programmed to run through common and likely passwords first...cutting the guessing time down to virtually zero for the vast majority of passwords. [Which is what happened in the case mentioned in the OP.] This is where actual randomness comes into play. (If you want a good estimate of just how strong your password is, this entropy tool is the best I've seen. Definitely read the "introduction" link.)
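Added example (not part of the posts above and not the linked spreadsheet or entropy tool): a sketch of why a naive brute-force estimate overrates 'qeadzcwrsfxv1331'. It uses the 350 billion guesses per second figure from the thread, and it counts how few distinct key-to-key movements the password makes on the keyboard. The US QWERTY layout, the 0.5 threshold, and the comparison string are assumptions made for this illustration.

```python
# Added illustration; layout, threshold and the comparison string are assumptions.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # unshifted US QWERTY
KEY_POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

GUESSES_PER_SECOND = 350e9          # rate quoted in the thread
SECONDS_PER_YEAR = 365.25 * 24 * 3600

PATTERN_PASSWORD = "qeadzcwrsfxv1331"     # the password discussed in the thread
CONSTRUCTED_RANDOM = "k7vq2mxw9dj4hz0p"   # constructed sample, same length and alphabet


def naive_bruteforce_years(length, alphabet_size, rate=GUESSES_PER_SECOND):
    """Years to exhaust the whole keyspace, assuming every character is random."""
    return alphabet_size ** length / rate / SECONDS_PER_YEAR


def keyboard_deltas(password):
    """(row step, column step) for each move between consecutive keys."""
    pos = [KEY_POS[ch] for ch in password.lower() if ch in KEY_POS]
    return [(b[0] - a[0], b[1] - a[1]) for a, b in zip(pos, pos[1:])]


def movement_diversity(password):
    """Distinct movements divided by total movements; low means a repeated walk."""
    deltas = keyboard_deltas(password)
    return len(set(deltas)) / len(deltas) if deltas else 1.0


def looks_like_keyboard_pattern(password, threshold=0.5):
    """Heuristic flag: at most `threshold` of the movements are distinct."""
    return movement_diversity(password) <= threshold


if __name__ == "__main__":
    # Both strings get the same naive estimate: 16 characters from a 36-symbol alphabet.
    print(f"naive estimate: {naive_bruteforce_years(16, 36):,.0f} years")
    for pw in (PATTERN_PASSWORD, CONSTRUCTED_RANDOM):
        print(pw, f"diversity={movement_diversity(pw):.2f}",
              "pattern" if looks_like_keyboard_pattern(pw) else "no obvious pattern")
```

The naive figure is identical for both strings, which is the caution raised above: length and alphabet size alone say nothing about whether a password sits in a cracker's pattern list. Passing this one heuristic does not make a password strong.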
     
  6. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    Why does this matter? It is not like anyone is going to use this crazy password cracking ability on YOU. Unless you are pedobear, Neuron the hacker or Osama Bin Laden 2.
     
  7. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Says you.
     
  8. ance

    ance formerly: fmon

    Joined:
    May 5, 2013
    Posts:
    1,359
    Great advice: Simply block the IP Address after X number of attempted logins and lock the account. ;)
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    Yeah that password was pretty lame. :rolleyes:
     
  10. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284