Password strength question - Page 2 - Techist - Tech Forum

#11 - iPwn - 06-10-2016, 02:30 PM
Re: Password strength question

Originally Posted by carnageX:
The thing is, is crunching away at that one account worth 23 days to the attacker? Or is there worth somewhere else? I mean, all encryption can eventually be broken - it's just the amount of time that is the barring factor for how strong it is. If it's long enough to make it not worth the attack, wouldn't the attacker move on to something that could be more fruitful? Of course like I said, that's assuming you're not a high value target.

Listen guys...and apologies for not reading this entire thread in detail, but Length > Complexity... Always!

Let's say I want to get into your computer. Well first, I'm not going to brute force anything. I'm just going to remove the password. Plain and simple.

But let's say I actually want to get your password. Well then I'm going to need to decrypt it. I won't go into a ton of detail, but that's going to require some effort. I'm going to start with a single character, then guess all possible characters. Then change to two characters and guess all those combinations. Then I move on to three, four... etc.

See how this works? Doesn't matter how complex your password is, it's just a matter of time before I get to 8... 10 characters. Now if you use a 20 character password, the time it takes me to crack that gets exponentially longer with each added character. The passphrase "I freaking hate my password its stupid" is so much better than "DFL#T#$*SD"

I can remember that phrase, it's easy, and it's going to take a very long time to decipher. An interesting anecdote: during a training for a (particular government agency that shall remain unnamed), the students were given the option to break into a WPA or WPA2 network. They obviously chose the WPA network. What they didn't know was that the WPA network had a 50 character password. After two days they gave up. LENGTH BEATS COMPLEXITY!!!!! ALWAYS!!!!


Let's pretend you're a bad guy who wants to see what people are using for passwords... why not host a site that spits out random time estimates on cracking passwords? Because that's exactly what those sites do.

Stay safe out there all.

AMD FX8350 Black | ASUS Sabertooth 990FX R2 | 16GB Corsair Ballistix Sport
2x R9 270X (CrossFire) | 256GB SSD + 1TB | Powered by Corsair CX750M

I am serious, and don't call me Shirley
#12 - S0ULphIRE - 06-11-2016, 10:10 PM
Re: Password strength question

Originally Posted by carnageX:
The thing is, is crunching away at that one account worth 23 days to the attacker?

I'd say for one, it's not necessarily going to be a specifically targeted attack. SAM files, password databases etc. get compromised all the time.

Secondly, 23 days was with one graphics card that would be vastly outperformed again by a single $400 GTX 1070.

23 days was also the absolute maximum time it'd take to *guarantee* cracking your password. But see the classic birthday probability puzzle - you only need 23 people in a room to have a 50% chance of 2 people already sharing the same birthday.

"As a result of all this hardship, dirt, thirst, and wombats, you would expect Australians to be a sour lot. Instead, they are genial, jolly, cheerful, and always willing to share a kind word with a stranger, unless they are an American." -- Douglas Adams
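
The arithmetic behind posts #11 and #12, as an added example that is not part of the original thread: it sizes the incremental (length 1, then 2, then 3...) search for the two passwords quoted in #11 and separates the worst case from the average case. The guess rate and the 7776-word list size are assumptions, and the word-level model goes beyond what the posts discuss.

```python
import string

ASSUMED_RATE = 1e10       # guesses per second; an assumption, not a figure from the thread
ASSUMED_WORDLIST = 7776   # assumed wordlist size (the size of a Diceware list)

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " ")

def charset_size(password):
    """Alphabet an attacker must cover: the union of character classes in use."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def incremental_keyspace(alphabet, length):
    """Candidates tried when every length from 1 up to `length` is exhausted."""
    return sum(alphabet ** k for k in range(1, length + 1))

def expected_guesses(alphabet, length):
    """Average case: all shorter lengths, then half of the final length."""
    return incremental_keyspace(alphabet, length - 1) + (alphabet ** length + 1) / 2

def word_keyspace(passphrase, wordlist=ASSUMED_WORDLIST):
    """Candidates if the attacker guesses whole words instead of characters."""
    return wordlist ** len(passphrase.split())

def estimate(password, rate=ASSUMED_RATE):
    """Worst-case and average seconds for a character-level incremental search."""
    a, n = charset_size(password), len(password)
    return {"alphabet": a, "length": n,
            "worst_s": incremental_keyspace(a, n) / rate,
            "average_s": expected_guesses(a, n) / rate}

if __name__ == "__main__":
    phrase = "I freaking hate my password its stupid"
    for pw in ("DFL#T#$*SD", phrase):
        e = estimate(pw)
        print(f"{pw!r}: alphabet={e['alphabet']} length={e['length']} "
              f"worst={e['worst_s']:.3g}s average={e['average_s']:.3g}s")
    print(f"word-level keyspace: {word_keyspace(phrase):.3g}")
```

The word-level figure assumes each word is drawn at random from the list; it is far smaller than the character-level figure for the same phrase, so a character-count estimate overstates a passphrase's strength.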