Editing Talk:936: Password Strength
Please sign your posts with ~~~~ |
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 18: | Line 18: | ||
:It took 1.25 hours to bruteforce "correcthorsebatterystaple" using the 2,000 most common words with one CPU. [[User:Lieutenant S.|Lieutenant S.]] ([[User talk:Lieutenant S.|talk]]) 07:09, 9 September 2014 (UTC) | :It took 1.25 hours to bruteforce "correcthorsebatterystaple" using the 2,000 most common words with one CPU. [[User:Lieutenant S.|Lieutenant S.]] ([[User talk:Lieutenant S.|talk]]) 07:09, 9 September 2014 (UTC) | ||
:: 1) ... as compared to 69 milliseconds for the other method. 2) Since you are able to test 3,9 billion passwords as second (very impressive!) I am guessing that your setup is not performing its attack over a ”weak remote service”, which is breaking the rules of the #936 game. 3) five words and a 20k-wordlist would get you 9400 years (still breaking the weak remote service rule).--[[User:Gnirre|Gnirre]] ([[User talk:Gnirre|talk]]) 09:13, 14 October 2014 (UTC) | :: 1) ... as compared to 69 milliseconds for the other method. 2) Since you are able to test 3,9 billion passwords as second (very impressive!) I am guessing that your setup is not performing its attack over a ”weak remote service”, which is breaking the rules of the #936 game. 3) five words and a 20k-wordlist would get you 9400 years (still breaking the weak remote service rule).--[[User:Gnirre|Gnirre]] ([[User talk:Gnirre|talk]]) 09:13, 14 October 2014 (UTC) | ||
− | |||
Sometimes this is not possible. (I'm looking at you, local banks with 8-12 character passwords and PayPal) If I can, I use a full sentence. A compound sentence for the important stuff. This adds the capitalization, punctuation and possibly the use of numbers while it's even easier to remember then Randall's scheme. I think it might help against the keyloggers too, if your browser/application autofills the username filed, because you password doesn't stand out from the feed with being gibberish. [[Special:Contributions/195.56.58.169|195.56.58.169]] 09:01, 30 August 2013 (UTC) | Sometimes this is not possible. (I'm looking at you, local banks with 8-12 character passwords and PayPal) If I can, I use a full sentence. A compound sentence for the important stuff. This adds the capitalization, punctuation and possibly the use of numbers while it's even easier to remember then Randall's scheme. I think it might help against the keyloggers too, if your browser/application autofills the username filed, because you password doesn't stand out from the feed with being gibberish. [[Special:Contributions/195.56.58.169|195.56.58.169]] 09:01, 30 August 2013 (UTC) |