Brute Force Calculator finds your password's staying power
Back in March, Brad told you about Password Meter, a web app designed to help you create strong passwords. Want to know how long one of those passwords would take to brute force?
Pay Hackosis a visit and try out their Brute Force Calculator, an open source PHP app based on an Excel spreadsheet from Mandylion Labs.
Hackosis' calculator asks for details about your password, not the password itself. Using the information you provide and some quick computational Kung Fu, it gives you a rough idea of how long it would take someone to discover the correct secret word.
If you use as many web apps as we do, it's essential to use strong, secure passwords. Even if you use a password generator like LastPass, it never hurts to test the passwords it produces.
[ via gHacks ]
Comments (10)
Todd, Nov 11th 2008 5:19PM
My results:
"...Your password is 22 characters long and has 569,507,798,450,466,482,558,217,486,336 combinations. It takes 2,071,857,301,236,255,744.00 hours or 86,327,387,551,510,656.00 days to crack your password on computer that tries 137,438,953,472 passwords per hour."
I think I am good for the moment.
Martin, Nov 11th 2008 5:25PM
Todd, that's if the attacker uses one computer :)
Infinityvers, Nov 11th 2008 6:55PM
I have been told to use both upper case and lower case letters and numbers too.
But if I use this in the calculator, I get a worse result than if I had used only upper case or lower case letters.
Can someone explain this please?
Infinityvers, Nov 11th 2008 7:00PM
Using both lower case and upper case letters seems to be the same as using only upper or lower.
justaguy, Nov 11th 2008 11:00PM
Wait a second...
According to the site: 137,438,953,472 password attempts an hour,
which is 2,290,649,224 a minute
which is 38,177,487 a second.
38 million passwords a second on a "typical PC processor in 2008" ????
That seems a little high to me.
sicsided, Nov 12th 2008 12:09AM
Who says you'll be using your CPU?
Get 4 graphics cards crunching those numbers with their processors and you can hit that number easily.
agashka, Nov 12th 2008 1:53AM
I second that, using CUDA, you're supposed to do about 130,000,000/sec
And I've been developing an MD5 cracker (as a side project) that takes advantage of multicore computers, cracking @ (only) ~20,000,000/sec per core.
Split the work, do the math, and you got yourself any password beaten in no time.
Stuart Halliday, Nov 12th 2008 8:56AM
The fact is that any decent GUI has to process the entered password and then after say 10 times it will lock you out for at least 10 minutes.
If it's a web site, then entering passwords via a POST URL will never be more than 100 a second even with fast broadband.
I'd like to think sites like PayPal or banks will have measures to stop hundreds of password attempts on the one account?
If you allow a password hacking program on your computer it still has to scan your files for passwords. So it's the way these files are encrypted that is important.
So the times are meaningless.
José, Nov 12th 2008 2:57PM
I second that.
kemmler, Jan 5th 2009 10:33AM
It's not meaningless. The attacker theoretically intercepts the hash of your password, cracks it at their leisure locally, then comes back and enters it once they get a result.
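Added example (not part of the original post or its comments, and not the Hackosis or Mandylion code): a sketch of the estimate a calculator of this kind produces, run at the three guess rates quoted on this page. It compares two ways of counting the keyspace; under the per-class count, mixing upper and lower case gives the same total as using a single case. The class sizes, function names and sample profile are assumptions.

```python
from math import prod

# Assumed character-class sizes (the 32-symbol figure is an assumption).
CLASS_SIZE = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

# Guess rates quoted on this page, converted to guesses per second.
RATES = {
    "calculator": 137_438_953_472 / 3600,  # the calculator's per-hour figure
    "gpu": 130_000_000,                    # CUDA figure from the comments
    "online": 100,                         # POST-request ceiling from the comments
}

def keyspace_per_class(counts):
    """Attacker knows the class of every position: product of size**count."""
    return prod(CLASS_SIZE[c] ** n for c, n in counts.items())

def keyspace_pooled(counts):
    """Attacker knows only which classes occur: (sum of sizes)**length."""
    alphabet = sum(CLASS_SIZE[c] for c, n in counts.items() if n > 0)
    return alphabet ** sum(counts.values())

def seconds_to_exhaust(keyspace, guesses_per_second):
    """Worst case, every candidate tried; the average case is half of this."""
    return keyspace / guesses_per_second

def humanize(seconds):
    units = (("years", 31_557_600), ("days", 86_400), ("hours", 3_600), ("minutes", 60))
    for unit, size in units:
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def report(counts):
    """One row per (counting model, guess rate) for a password profile."""
    rows = []
    for model in (keyspace_per_class, keyspace_pooled):
        space = model(counts)
        for label, rate in RATES.items():
            rows.append((model.__name__, label, humanize(seconds_to_exhaust(space, rate))))
    return rows

if __name__ == "__main__":
    sample = {"lower": 4, "upper": 3, "digit": 1}  # constructed 8-character profile
    for name, label, eta in report(sample):
        print(f"{name:20} {label:12} {eta}")
```

The gap between the "online" and "gpu" rows is the difference between guessing against a rate-limited login form and guessing against a captured hash.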