Hackers crack 16-character passwords in less than an HOUR

Discussion in 'privacy general' started by Seven64, May 28, 2013.

Thread Status:
Not open for further replies.
  1. Seven64

    Seven64 Guest

  2. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,910
    Location:
    U.S.A.
  3. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    991
    Location:
    Hawaii
    That's an excellent article, well worth reading, but let's not misinterpret the results by falling for the sensationalist heading at the top of the page. The crackers were not cracking 16-character random passwords.

    The 16-character password 'qeadzcwrsfxv1331' is not even vaguely random, since the first 12 characters follow a simple keyboard pattern that was bound to be tested.
     
  4. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Agree. Good article, and I picked up a tip or two. But those really were BAD passwords. Unfortunately, all I'm seeing people post is "All Passwords Can Be Cracked!" all over the place now. They must have missed the part where one guy says that in corporate environments with a good policy...they get nothing.

    PD
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Yeah, as I was saying here:

    As long as you use a good cipher with proper implementation and a strong passphrase, they can try 350 billion guesses per second, and it would still take them tens of thousands of years to brute-force [a known/tested algorithm like (probably) any of the AES finalists.]

    A fun little tool (and by tool, I mean an Excel spreadsheet with formulas included) can be found here. Look for the link at the bottom "BruteForce Attack Time Estimator".

    As the instructions mention though (be sure to read those), you need to be careful when using a calculator like this. Password-guessing software can be programmed to run through common and likely passwords first...cutting the guessing time down to virtually zero for the vast majority of passwords. [Which is what happened in the case mentioned in the OP.] This is where actual randomness comes into play. (If you want a good estimate of just how strong your password is, this entropy tool is the best I've seen. Definitely read the "introduction" link.)
     
  6. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    Why does this matter? It is not like anyone is going to use this crazy password cracking ability on YOU. Unless you are pedobear, Neuron the hacker or Osama Bin Laden 2.
     
  7. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Says you.
     
  8. Impet

    Impet Registered Member

    Joined:
    May 5, 2013
    Posts:
    894
    Great advice: Simply block the IP Address after X number of attempted logins and lock the account. ;)
     
  9. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    Yeah that password was pretty lame. :rolleyes:
     
  10. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
Loading...
Thread Status:
Not open for further replies.