• Posts: 191
• Loc: down a creek without a paddle

3+ Months Ago

Just something I thought was cool.
Attachments:
• Guru
• Posts: 1089
• Loc: Same place you left me.

3+ Months Ago

This is pretty spotty.

Obviously a dictionary attack will not work for either of these and based off their image, were also making the assumption that we don't have access to the hashed password, so no rainbow tables. That means were going to brute force it. We're going to also make the assumption that the location the password is being used at does not have password requirements that would prohibit either password(meaning forcing you to have a letter, upper case letter, number, symbol). That being said, here are the results:

If you use their example of correcthorsestaplebattery you're looking at roughly a quintillion years to crack it on a desktop PC if it is being brute forced.

Heres the math on that: 26 possible characters(n) and 25 characters of length(r). So to arrive at the result, were need to do (n^r). That returns roughly 236 decillion permutations. Using an average desktop PC that means it would take roughly a quintillion years to crack(4 billion calculations per second).

Now, since the example doesn't compare apples to apples, we're going to adjust their password a little bit. The new password will be Blue345Current-)%!DragonS. Using this password, we're looking at about 1 nonillion years to brute force it.

Heres the math on that: 77 character combinations are required to access the letters, numbers and symbols used. Adjusting this password slightly would increase it to 96 character combinations(Blue345Current-)%!DragonStorm[238167). The full password show here was generated using our company password tool which makes use of a specialized algorithm designed specifically to make brute forcing an impossibility and provide combinations not found in rainbow tables.

So, using the first password(shortened for length to match(25) the example they provided, were looking at the same math(n^r) to solve the number of permutations. In this case its (77^25). In their example we were looking at (26^25). This means with our password were at 145 quattuordecillion permutations. At 4 billion per second, were looking at 1 nonillion years to crack it.

End result: If a website does not require specific guidelines, you are far better off with a long password that makes use of as many possible characters as possible. If it does offer requirements, use an even longer password.
• Web Master
• Posts: 3243
• Loc: South Africa

3+ Months Ago

Big data and map reduce will cut that brute force time in half
• Genius
• Posts: 13506
• Loc: Florida

3+ Months Ago

Not to mention the whole Bitcoin craze is dumping specialized hardware that, hashes data very efficiently, into the marketplace. Any guesses what people are going to use that hardware for when Bitcoin crashes?
• Guru
• Posts: 1089
• Loc: Same place you left me.

3+ Months Ago

Oh yeah. If you're on a machine setup for high hash per second you can EASILY cut that down by huge chunks. That reflects average PC's time to crack. I would be much more concerned about large botnets than with individual HPS machines at this point.

Speaking of the downfall, I wonder what all the companies that are investing millions into R&D on HPS machines are going to do with them once the Bitcoin craze is gone?
• Web Master
• Posts: 3243
• Loc: South Africa

3+ Months Ago

Renting them as zombie machines perhaps? Gotta get that ROI!

## Post Information

• Total Posts in this topic: 5 posts
• Users browsing this forum: No registered users and 23 guests
• You cannot post new topics in this forum
• You cannot reply to topics in this forum
• You cannot edit your posts in this forum
• You cannot delete your posts in this forum
• You cannot post attachments in this forum