hellfire
Honorary Master
- Joined
- Sep 25, 2007
- Messages
- 11,488
Had similar outputs
-
Question of the day ~ Should Telkom and Rain merge?
Use this tool to check how strong your password is
- Thread starter Kevin Lancaster
- Start date
-
- Tags
- password
I tried this too. Pass phrases really seem to be the way to go.
Chris.Geerdts
Expert Member
- Joined
- Nov 1, 2014
- Messages
- 2,230
I wonder how many people type in passwords they are actually using. The server on the other side could happily scoop up all the attempts into a useful dictionary of words to attempt with.
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,531
Kaspersky says 5 months for one of my newer passwords, but HSIMP says two quadrillion years. Kaspersky's rating system is tuned to award complex passwords with punctuation and capital letters higher scores. I've used long, 4-6 word strings as passwords for a while for sites that have double-factor authentication or that don't transfer my password in cleartext to the server.
We don't really need to do that today, decades of storing passwords in plaintext in databases accessible online to hackers and governments. have done all the work for us. We don't even need to create really powerful computers for guessing PIN codes for bank accounts, because human nature tells us how people approach choosing a PIN.
[video=youtube;MY3XWYr726I]https://www.youtube.com/watch?v=MY3XWYr726I[/video]
We don't really need to do that today, decades of storing passwords in plaintext in databases accessible online to hackers and governments. have done all the work for us. We don't even need to create really powerful computers for guessing PIN codes for bank accounts, because human nature tells us how people approach choosing a PIN.
[video=youtube;MY3XWYr726I]https://www.youtube.com/watch?v=MY3XWYr726I[/video]
Last edited:
pinball wizard
Honorary Master
- Joined
- Feb 9, 2010
- Messages
- 32,835
Only way to do it.
pinball wizard
Honorary Master
- Joined
- Feb 9, 2010
- Messages
- 32,835
It said 2293 centuries for a string similar to what I generally use.
You want me to enter my password to see how strong it is?
Really?
And you're not harvesting the passwords for use in your sister operation that hacks?
You'll have my IP and my 'secure' password.
And it's safe with ya?
Really??
I have this bridge in New York...
Really?
And you're not harvesting the passwords for use in your sister operation that hacks?
You'll have my IP and my 'secure' password.
And it's safe with ya?
Really??
I have this bridge in New York...
CataclysmZA
Executive Member
- Joined
- Apr 1, 2010
- Messages
- 5,531
Both sites seem to generate hashes of your passwords, neither one accepts it in plain text. They're analysing the strength of the hashed data, not your actual password.
- Joined
- Feb 23, 2005
- Messages
- 86,555
FTFY
- Joined
- Feb 23, 2005
- Messages
- 86,555
FTFY
Don't try to fix what wasn't broken.
They say not to enter your real password. If you can't follow that simple instruction you probably deserve what befalls you.
atomcrusher
Expert Member
- Joined
- Jun 27, 2006
- Messages
- 4,208
And here I thought I was being very clever & security-conscious by using #ZumaMustFall for all my passwords
Don't try to fix what wasn't broken.
They say not to enter your real password. If you can't follow that simple instruction you probably deserve what befalls you.
faniebraai
RIP
- Joined
- Dec 7, 2010
- Messages
- 78,906
wrong thread SJW
The hackers pretending to be Kaspersky Lab are getting a nice collection of passwords
Mixed case, mixed alpha, numeric and special signs are only important for a human hacker.
Once one sets a computer up to crack a password by brute force any character is as good as any other. The only thing which makes a difference is the length.
Mixed case, mixed alpha, numeric and special signs are only important for a human hacker.
Once one sets a computer up to crack a password by brute force any character is as good as any other. The only thing which makes a difference is the length.
This tool (and most others) is a load of nonsense for the following reasons.
1. It assumes that there is no latency present during the brute force attempt.
e.g. If your password is securing a website it assumes that the network and web server response times are 0 milliseconds and that it can immediately try the next sequence. Alternatively it assumes that the web server can handle an infinite number of simultaneous threads which is not possible with any web server in the world.
2. It assumes that the system being brute forced doesn't have a password lock out policy.
Every system that I use has measures in place to prevent brute force attempts by either delaying authentication process or locking the account out after 3 to 5 failed attempts. This stops brute force attacks in their tracks.
Kaspersky Lab just fell out of my good books with this pathetic publicity stunt.
1. It assumes that there is no latency present during the brute force attempt.
e.g. If your password is securing a website it assumes that the network and web server response times are 0 milliseconds and that it can immediately try the next sequence. Alternatively it assumes that the web server can handle an infinite number of simultaneous threads which is not possible with any web server in the world.
2. It assumes that the system being brute forced doesn't have a password lock out policy.
Every system that I use has measures in place to prevent brute force attempts by either delaying authentication process or locking the account out after 3 to 5 failed attempts. This stops brute force attacks in their tracks.
Kaspersky Lab just fell out of my good books with this pathetic publicity stunt.