Password length vs Average time to crack using Brute Force Hacking

Mave

PPqgb85.gif
 
Using bruteforce and only using a certain amount of characters. If special characters were allowed you'd have a safe password much faster.
 
Impulse said:
Using bruteforce and only using a certain amount of characters. If special characters were allowed you'd have a safe password much faster.
It's still easier to remember a simple long password than a complex short one. Obligatory xkcd:
password_strength.png
 
Panki said:
Impulse said:
Using bruteforce and only using a certain amount of characters. If special characters were allowed you'd have a safe password much faster.
It's still easier to remember a simple long password than a complex short one. Obligatory xkcd:
password_strength.png
I agree that this is indeed better for bruteforce.
But if they also use libraries of words to crack your password, wouldn't the correcthorsebatterystaple be easier to guess?
 
Mave said:
Panki said:
Impulse said:
Using bruteforce and only using a certain amount of characters. If special characters were allowed you'd have a safe password much faster.
It's still easier to remember a simple long password than a complex short one. Obligatory xkcd:
password_strength.png
I agree that this is indeed better for bruteforce.
But if they also use libraries of words to crack your password, wouldn't the correcthorsebatterystaple be easier to guess?
Using correcthorsebatterystaple is fucking retarded, because I'm sure it appears in every library out there by now. Libraries can be pretty effective, but as far as I'm concerned they only employ single words.
Rainbow Tables are a better approach than bruteforce, if you have the storage space.
 
Panki said:
Mave said:
Panki said:
Impulse said:
Using bruteforce and only using a certain amount of characters. If special characters were allowed you'd have a safe password much faster.
It's still easier to remember a simple long password than a complex short one. Obligatory xkcd:
password_strength.png
I agree that this is indeed better for bruteforce.
But if they also use libraries of words to crack your password, wouldn't the correcthorsebatterystaple be easier to guess?
Using correcthorsebatterystaple is fucking retarded, because I'm sure it appears in every library out there by now. Libraries can be pretty effective, but as far as I'm concerned they only employ single words.
Rainbow Tables are a better approach than bruteforce, if you have the storage space.
Ah I thought so, thanks for confirming.
 
Just to add a bit of fire to the discussion: Why not use something like correcthorsebatterystaple, but then substitute several letters (one per "word", for example) with a numeral? Like C0rrectHors3B4tterySt4ple? You still get the length, but now with extra difficulty due to the added numerals. Add some symbols in there too, and you're set.

How about Ch33secake&C0ca-cola ?
Simple food and drink (easy to remember), alphanumerical (simple replacements, so not that difficult to remember) and special symbols (at logical places), and lengthy (20 long).
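
The comparison the posts above argue about, as an added example that is not part of the original thread: it counts the search space for random characters, for a word-list passphrase, and for the capital-plus-one-numeral-per-word mangling proposed above. The 2048-word list, the substitution map and the guess rate are assumptions made for this illustration.

```python
import math

# Assumed substitution map (constructed for this example): letter -> numeral.
LEET = {"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"}

def bruteforce_bits(length, charset_size):
    """Bits of search space when every character is chosen at random."""
    return length * math.log2(charset_size)

def passphrase_bits(n_words, wordlist_size):
    """Bits when each word is drawn at random from a list the attacker also has."""
    return n_words * math.log2(wordlist_size)

def mangle_count(word):
    """Variants of one word: optional capital, at most one numeral swap."""
    positions = sum(1 for ch in word.lower() if ch in LEET)
    return 2 * (positions + 1)

def mangle_bits(words):
    """Extra bits the per-word mangling adds on top of the word choice."""
    return sum(math.log2(mangle_count(w)) for w in words)

def avg_years(bits, guesses_per_second):
    """Average time to hit the password: half the space at the given rate."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    words = ["correct", "horse", "battery", "staple"]
    base = passphrase_bits(len(words), 2048)   # 2048-word list is an assumption
    extra = mangle_bits(words)
    rate = 1e9                                 # assumed guesses per second
    rows = [
        ("8 random lowercase letters", bruteforce_bits(8, 26)),
        ("4 random words", base),
        ("4 random words + mangling", base + extra),
        ("5 random words", passphrase_bits(5, 2048)),
        ("known phrase + mangling", extra),
    ]
    for label, bits in rows:
        print(f"{label:28s} {bits:6.1f} bits  {avg_years(bits, rate):.3g} years")
```

Under these assumptions the mangling is worth about 11 bits, roughly the same as adding one more random word, and those 11 bits are all that is left if the phrase itself is already in the attacker's list.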
 
Stybar said:
Just to add a bit of fire to the discussion: Why not use something like correcthorsebatterystaple, but then substitute several letters (one per "word", for example) with a numeral? Like C0rrectHors3B4tterySt4ple? You still get the length, but now with extra difficulty due to the added numerals. Add some symbols in there too, and you're set.

How about Ch33secake&C0ca-cola ?
Simple food and drink (easy to remember), alphanumerical (simple replacements, so not that difficult to remember) and special symbols (at logical places), and lengthy (20 long).
That does sound like it would be indeed hard to crack AND easy to remember.
I use different passwords for every website though, and I always generate them here: http://strongpasswordgenerator.net/

Now that we're a bit on the subject: Does anybody use Keepass? I'm considering using it, but am also wondering how secure it actually is.
 
Mave said:
Stybar said:
Just to add a bit of fire to the discussion: Why not use something like correcthorsebatterystaple, but then substitute several letters (one per "word", for example) with a numeral? Like C0rrectHors3B4tterySt4ple? You still get the length, but now with extra difficulty due to the added numerals. Add some symbols in there too, and you're set.

How about Ch33secake&C0ca-cola ?
Simple food and drink (easy to remember), alphanumerical (simple replacements, so not that difficult to remember) and special symbols (at logical places), and lengthy (20 long).
That does sound like it would be indeed hard to crack AND easy to remember.
I use different passwords for every website though, and I always generate them here: http://strongpasswordgenerator.net/

Now that we're a bit on the subject: Does anybody use Keepass? I'm considering using it, but am also wondering how secure it actually is.
I don't.
 