TechEcho

We can do password guessing way better than brute force by generating strings using a Markov model instead of randomly. I wrote a paper on how to do this a few years ago <a href="http://www.cs.utexas.edu/~shmat/abstracts.html#pwd" rel="nofollow">http://www.cs.utexas.edu/~shmat/abstracts.html#pwd</a> Some of the techniques have since found their way into John the Ripper. (and possibly other tools; I haven't checked.) The upshot is that you can't calculate strength with a simple formula like this. At best you get an upper bound on the time needed to crack, by a few orders of magnitude.

The most important passwords I have are the ones for online banking and the like where you certainly aren't going to be doing bloody 25 billion attempts an hour.

Wow! I was surprised. I thought my password would be much easier to crack. As it turns out, I'm safe for the next 20 days or so.

What does "Random Alpha/Numeric" mean ? - sequence not readable ?<p>I observed that if you mention your password has random Alpha Numeric the time taken to break jumps to thousands of days.

The most important passwords I have are the ones for online banking and the like where you certainly aren't going to be doing bloody 25 billion attempts an hour.

Wow! I was surprised. I thought my password would be much easier to crack. As it turns out, I'm safe for the next 20 days or so.

What does "Random Alpha/Numeric" mean ? - sequence not readable ?<p>I observed that if you mention your password has random Alpha Numeric the time taken to break jumps to thousands of days.

Check how fast it takes to brute force your password

5 comments

Check how fast it takes to brute force your password

5 comments