“thereisnofatebutwhat*wemake”—Turbo-charged cracking comes to long passwords

Discussion in 'privacy problems' started by lotuseclat79, Aug 27, 2013.

Thread Status:
Not open for further replies.
  1. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Last edited: Aug 27, 2013
  2. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Correcthorsebatterystaple hash should be at the top of that list.
     
  3. chimpsgotagun

    chimpsgotagun Registered Member

    Joined:
    Dec 1, 2012
    Posts:
    55
    This was made by using only words and small letters. Kind of dictionary based attack, but now with a hyper large text databases using almost all the imaginable sentences you'd prolly come up with.

    But even insterting some capital letters will do the cracking harder, not to mention some gibberish, numbers, or "%!) type characters.

    Now, if somebody had a link to a nice web page with info on password strength like:
    If you use some non-words, but only small letters, the minimum length you need not to be cracked with estimated computer speed developing within 100 years, you need e.g. xxx characters. If you add a few capitals, you need 3x characters. If you add a few numbers, 2x characters. If you add some #¤&?=, 1x characters, etc. Some practical strength advice, that would be.
     
  4. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,981
    Location:
    U.S.A.
    FYI. How Secure Is My Password? | Password Haystacks.


     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I'm always weary of password strength testers. So often they don't factor in common dictionary attacks and just estimate based on keyspace. (And I'm not even sure they factor in the law of averages.)

    Those both told me correctbatteryhorsestaple would take a quintillion years to crack. (I realize it's not exactly in the top 10 most used passwords, but come on.)

    The best advice/analysis I've seen comes in the links given here.
     
  6. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,103
    Last edited: Sep 4, 2013
  7. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,157
    for me it's disturbing

    i did trust of truecrypt a loto_O

    now i'm going to change my router password every week
     
  8. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    See here.
     
  9. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    I use a Random Number Generator with upper and lower case letters; numbers special characters Underscore and dashes and whatever else the web site allows and I keep the passwords long (20 characters or more), I don't trust online password strength testers.
     
  10. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,157
    do you use a program to create a random number? like pwgen 2
     
  11. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,031
    < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-25};echo;

    --> KIh69uHzw70b1gJDP8beX7_8q

    < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-50};echo;

    --> ElQzDk80YmUd9cAJmuuhUFW9LMVd40Tny_ZulKBXMXJn0Bbg6j
     
  12. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
    Keepass has a pretty good password generator.
     
  13. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Keepass, both series 1xx and 2xx have random number password generators
    [edit] dogbite you beat me to it
     
  14. mantra

    mantra Registered Member

    Joined:
    Jan 25, 2005
    Posts:
    5,157
    does someone use this tool to test how turbo is it?
     
  15. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    From Password Haystacks (mentioned in post #4):
    Diceware strong master password generation method
     
Loading...
Thread Status:
Not open for further replies.