ChiefsPlanet

Computers Security (https://www.chiefsplanet.com/BB/showthread.php?t=337406)

frozenchief 03-09-2021 07:53 PM

Security
 
Stumbled across this today. Something to consider when creating passwords.

I am not seeking to advertise the company, in part because I know nothing about the company but I figured I'd pass on the information. I expect that as computing power increases, those figures will decline. When I'm 87, my password will have to be something like

pleasegetmemoredependsbecausethesearefullofcrap1234*

https://i.imgur.com/FwLl6CH.jpg

vailpass 03-09-2021 10:48 PM

You think this is bad? Just wait til they get quantum hacking going. Anything without quantum crypto will be instant toast.

Fish 03-09-2021 10:56 PM

Or infinitely better.... enable multifactor authentication.

Why Not? 03-09-2021 11:44 PM

I got no dog in the fight because according to this, it will take hackers 2 trillion years to get to me but, I wonder how they would "show their work" so to speak? I don't know shit about technology outside of how to get on CP and check my email so I'm not saying this is wrong, just seems like one of those things you could just throw out there and assume you would never get fact checked on.

tmax63 03-10-2021 09:45 AM

I'd assume that hacking programs start with "a" or "1" and progress sequentially through the possibilities. Does that mean if you started your passwords with "z" or "9" it would take longer for them to hack?

htismaqe 03-10-2021 10:34 AM

Quote:

Originally Posted by tmax63 (Post 15577994)
I'd assume that hacking programs start with "a" or "1" and progress sequentially through the possibilities. Does that mean if you started your passwords with "z" or "9" it would take longer for them to hack?

Technically no.

htismaqe 03-10-2021 10:35 AM

Quote:

Originally Posted by Why Not? (Post 15577850)
I got no dog in the fight because according to this, it will take hackers 2 trillion years to get to me but, I wonder how they would "show their work" so to speak? I don't know shit about technology outside of how to get on CP and check my email so I'm not saying this is wrong, just seems like one of those things you could just throw out there and assume you would never get fact checked on.

CPU cycles are just mathematical increments.

htismaqe 03-10-2021 10:37 AM

Quote:

Originally Posted by vailpass (Post 15577813)
You think this is bad? Just wait til they get quantum hacking going. Anything without quantum crypto will be instant toast.

They already use botnet "clouds" to do it. The biggest thing is that you're not as likely a target as say, Target.

vailpass 03-10-2021 11:41 AM

Quote:

Originally Posted by htismaqe (Post 15578072)
They already use botnet "clouds" to do it. The biggest thing is that you're not as likely a target as say, Target.

I was more thinking of DOD and critical infrastructure crypto but yeah.

Just salting the hashes isn't going to cut it soon.

morphius 03-10-2021 11:51 AM

What this is telling me is that I'd probably be pretty safe to do a 15 lower case letter password and they could hack it when I'm dead. Not sure about their numbers here, with bot nets, phishing and other viruses they have other ways to gain access as well.

HayWire 03-10-2021 12:07 PM

Next time I say something stupid on CP I'm going to pull a celebrity move and say I was hacked. That's right, **** you Bearcat.

oops, that wasn't me.

htismaqe 03-10-2021 01:56 PM

Quote:

Originally Posted by vailpass (Post 15578134)
I was more thinking of DOD and critical infrastructure crypto but yeah.

Just salting the hashes isn't going to cut it soon.

Exactly. The DoD already gets hacked on a frequent basis. Security is an endless nightmare if you're responsible for it and a gravy train if you get paid to do it.

htismaqe 03-10-2021 01:58 PM

Quote:

Originally Posted by morphius (Post 15578150)
What this is telling me is that I'd probably be pretty safe to do a 15 lower case letter password and they could hack it when I'm dead. Not sure about their numbers here, with bot nets, phishing and other viruses they have other ways to gain access as well.

I use randomly-generated passwords - 20 characters with upper, lower, numerals, and a select few specials (ones that are universally acceptable).

I also store all of my passwords in an encrypted database.

unlurking 03-10-2021 02:06 PM

Obligatory XKCD...
https://imgs.xkcd.com/comics/password_strength.png


Cool password generator based off the comic, but beware using it. The dictionary used is available and small. My current rig can crack all variations of the WEB16 and NTLM (default length options) in seconds. Currently testing masks for the DEFAULT, estimating 21-28 days.
https://xkpasswd.net/s/

unlurking 03-10-2021 02:22 PM

Also, while this chart is a good opening comment about security, it is SUPER subjective and not nearly detailed enough for a true discussion of what makes a secure password. Those numbers are based on "brute-force" attacks which attempt every possible variation in a character data set. It completely ignores non brute-force attacks, speed of guesses, and ease of guessing the type of hash.


You wouldn't believe how many passwords I see like Spring-2002! or GoBroncos!2002 (obvious assholes) or Ch13f$Rule!!! All of which crack in seconds using basic rule and mask attacks but people still think nobody will figure it out.
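The gap between the chart's brute-force model and pattern-aware guessing can be put in numbers with a small strength estimator of the kind used in password audits. This is an added example, not code from the thread or any poster; the word list, `DICT_SIZE`, the capitalisation/leet multipliers and the year range are constructed assumptions, not measurements of any real cracking tool.

```python
import math
import re
import string

# Constructed stand-ins (assumptions): a tiny word list and an assumed dictionary size.
WORDS = {"spring", "summer", "fall", "winter", "go", "broncos", "chiefs", "rule"}
DICT_SIZE = 10_000
DELEET = str.maketrans("013457$@", "oieastsa")  # undo common letter substitutions
YEAR = re.compile(r"(19|20)\d\d")
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def charset_size(pw):
    """Alphabet a pure brute-force search must cover (ASCII classes present in pw)."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))

def naive_guesses(pw):
    """Keyspace the chart's model assumes: every character is independent."""
    return charset_size(pw) ** len(pw)

def pattern_guesses(pw):
    """Keyspace when dictionary words and years are guessed as single units."""
    plain = pw.lower().translate(DELEET)  # same length as pw, so indexes line up
    per_char, guesses, i = charset_size(pw), 1, 0
    while i < len(pw):
        word = max((w for w in WORDS if plain.startswith(w, i)), key=len, default=None)
        if word:
            leet = pw[i:i + len(word)].lower() != word
            guesses *= DICT_SIZE * 2 * (2 if leet else 1)  # word x capitalisation x leet
            i += len(word)
        elif YEAR.match(pw, i):
            guesses *= 200  # any year 1900-2099
            i += 4
        else:
            guesses *= per_char  # unrecognised character: full brute-force cost
            i += 1
    return guesses

def bits(n):
    return round(math.log2(n), 1)

if __name__ == "__main__":
    # Passwords quoted in the post above, plus one constructed random 20-character string.
    for pw in ("Spring-2002!", "GoBroncos!2002", "Ch13f$Rule!!!", "q7Lm2xVb9TzR4kWp8NcY"):
        print(f"{pw:22} brute-force {bits(naive_guesses(pw)):6} bits   "
              f"pattern-aware {bits(pattern_guesses(pw)):6} bits")
```

Under these assumptions the three patterned passwords lose tens of bits against their brute-force figure, while the random string has no recognisable unit and keeps its full keyspace.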


All times are GMT -6.