Use this tool to check how strong your password is

Nephew_

Senior Member
Joined
Sep 2, 2009
Messages
706
But the whole password thing is a bit bollox. For example, if I want to hack someones gmail password, I will be kicked/rejected after x amount of failed attempts, so the powerful computer will help you zip-all. Even if you change your ISP Ip and cookies, you might be lucky to have 10 attempts per minute.
 

kianm

Honorary Master
Joined
Jan 13, 2014
Messages
10,533
I'm a little nervous that as the telco noise/pushback increases globally, Facebook will see an opportunity to monetise WhatsApp by licensing it to telcos, which we'll see in our data charges...

:erm: :erm: :erm: :erm:
 

kianm

Honorary Master
Joined
Jan 13, 2014
Messages
10,533
The hackers pretending to be Kaspersky Lab are getting a nice collection of passwords :)

Mixed case, mixed alpha, numeric and special signs are only important for a human hacker.
Once one sets a computer up to crack a password by brute force any character is as good as any other. The only thing which makes a difference is the length.

And lockout policies ;)
 

CataclysmZA

Executive Member
Joined
Apr 1, 2010
Messages
5,531
Kaspersky Lab just fell out of my good books with this pathetic publicity stunt.

You can brute force a hash by trying to match it, if you have the knowledge of how it was created and through which algorithm. So long as you have a copy of that hashed password, you can run as many tries at it as you want with as little latency as your system allows. It's a similar story with encrypted data - so long as you know what encryption standard was used, this can narrow down the amount of time you spend trying to generate passwords that successfully decrypt the data.

If someone used the heartbleed exploit to farm for account names and hashed passwords, they could try brute forcing the hashes because they have a copy of the secret key and knowledge of which hashing algorithm was used. That's how many people's accounts were deemed to be vulnerable on services affected by heartbleed because they could have been using passwords that had already been stolen and were probably cracked already.

You never brute force a system unless there's no lock-out policies and you can stay hooked up to it without alerting the system admins. You always try to brute-force the hash in your own time.
 
Last edited:
Top