How secure is your password?

Status
Not open for further replies.

n9mxq

Member
Premium Subscriber
Joined
Dec 15, 2005
Messages
1,617
Location
Belvidere IL
Just checked my Facebook password:
It would take a desktop PC about 35 sextillion years to crack your password


  • Length: 20 characters
  • Character Combinations: 96
  • Calculations Per Second: 4 billion
  • Possible Combinations: 4 duodecillion
That'll do...And that's one of my smaller ones..

But I like how they qualify it as "desktop" computer...
 

Darth_vader

Member
Joined
Apr 5, 2013
Messages
325
The irony of the first sentence on that site alone actually made me laugh so hard I had lemon-flavoured instant tea running out my nose. Like I'm going to give any of my passwords to a site that intercepts with a list of JS directives and external domain calls like that!
 


QDP2012

Member
Joined
Feb 8, 2012
Messages
1,901
It would take a desktop PC about 35 sextillion years to crack your password
Entry-level and average hackers/crackers use systems that are much better than the "desktop PC".

Corporate/Government hackers are far beyond that. What takes "years" on a "desktop PC", takes seconds (maybe a few minutes) on serious-hackers' systems.

Of course, the NSA (and other similar organizations) push the top-end of the scale, as mentioned in this WP article:

NSA seeks to build quantum computer that could crack most types of encryption
 

rapidcharger

Member
Joined
Jun 13, 2012
Messages
2,319
Location
The land of broken calculators.
The irony of the first sentence on that site alone actually made me laugh so hard I had lemon-flavoured instant tea running out my nose. Like I'm going to give any of my passwords to a site that intercepts with a list of JS directives and external domain calls like that!
You're talking to someone (the person who started the thread) who has a fox news logo as their avatar and in their signature says "fare and balanced" [SIC]
You might as well not even bother.
 

CapStar362

Member
Joined
Dec 27, 2004
Messages
564
Location
Oakwood GA, USA!
Corporate/Government hackers are far beyond that. What takes "years" on a "desktop PC", takes seconds (maybe a few minutes) on serious-hackers' systems.

Of course, the NSA (and other similar organizations) push the top-end of the scale, as mentioned in this WP article:

NSA seeks to build quantum computer that could crack most types of encryption
the problem with the GOV ( ours specifically ) they put too much load on the electrical systems, and cause fires and surges that usually wind up killing these "Super-Multimillion Dollar" systems and just waste our tax payer dollars on stupid crap like that!
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,901
the problem with the GOV ( ours specifically ) they put too much load on the electrical systems, and cause fires and surges that usually wind up killing these "Super-Multimillion Dollar" systems and just waste our tax payer dollars on stupid crap like that!
(Some of the large-scale government-type projects, like the recent NSA-related project(s), might not be implemented in the best way, no doubt. But, with regard to the OP's question "How secure is your password", issues of government efficiency might be a little OT, so I won't continue that idea here.)

Since serious password/security-crackers use server-grade systems (like clusters/supercomputers/botnets that are available in the corporate/educational environment) and are not wasting their time using comparatively slow inefficient "PC desktops" to execute an attack, it seems to be at least a little naive/disingenuous to suggest that the public should choose a defense method (longer/more complex password, etc.) based upon the idea that an attacker's "PC desktop" would take "years" to complete the attack. For comparison, defending against spit-wads (PC Desktops) is useless when the attackers bring field artillery (servers/botnets, etc.). The passwords should be made stronger, yes. But, the image of a "PC desktop" attacker as the benchmark is short-sighted.

One opinion,
 

K7MEM

Member
Joined
Dec 16, 2013
Messages
341
Location
1158 W. Valley Circle, Ash Fork, AZ 86320-482
Since serious password/security-crackers use server-grade systems (like clusters/supercomputers/botnets that are available in the corporate/educational environment) and are not wasting their time using comparatively slow inefficient "PC desktops" to execute an attack, it seems to be at least a little naive/disingenuous to suggest that the public should choose a defense method (longer/more complex password, etc.) based upon the idea that an attacker's "PC desktop" would take "years" to complete the attack. For comparison, defending against spit-wads (PC Desktops) is useless when the attackers bring field artillery (servers/botnets, etc.). The passwords should be made stronger, yes. But, the image of a "PC desktop" attacker as the benchmark is short-sighted.

One opinion,
And, a very good opinion. For many years I was the lead Unix Administrator for a very large corporation. I managed a network with over 600 user accounts, most of the Engineers. Each user had their own desktop systems but was managed by a central authentication system. While the users had their desktops to work with, they were limited in performance, compared to the servers that I had access to.

One small piece of my job was to crack everyone's password. Methods were readily available and a password could be cracked with only knowing the encrypted password. There was no need to actually break the encryption.

So once a month I would run all of the encrypted passwords through the cracking system. When I first started doing this, the results were amazing. In an hour's time I had the password for 60% of the accounts. That's when notices started being sent informing the user that their password was too easy and pick another one. As time went on, their passwords got better and better, but I could still crack them. It just took longer and longer.

Since then, the Unix systems have enhanced their authentication capabilities and their password requirements. But the servers that are used to break into systems have also taken a quantum leap.
 

AZScanner

Member
Joined
Dec 19, 2002
Messages
3,352
Location
Somewhere in this room. Right now, you're very col
The irony of the first sentence on that site alone actually made me laugh so hard I had lemon-flavoured instant tea running out my nose. Like I'm going to give any of my passwords to a site that intercepts with a list of JS directives and external domain calls like that!
Indeed!

My son used to play a popular MMO game regularly. One day he came to me complaining that someone had hacked his account and stolen all his money and high end items from his characters in the game - items he had played for MONTHS, plus spent very real allowance money to get. Needless to say, he was very upset!

On a hunch, I checked his internet history and sure enough, I found a similar "test your password strength" page for users of the game. The site was literally trolling for user account names and passwords which it would then "check" for you and report some similar stupid "your password is this secure" score - I ran it several times using a bogus name and password and each time it came back with a different random score. I looked at him and said "now you know why there's players in that game running around with billions of coins and tons of items. I hope you learned a valuable lesson here - your password is only for getting into that game. Do not enter it anywhere else or give it to anyone else."

I'll give the rest of you that same advice and also cannot stress enough that anyone who fed their passwords into that site should change them immediately. It doesn't take much for a webserver to find out your IP address, what sites you've been to, what your username might be, scan any cookies you have, etc and then on top of all that info the server already had on you, you gave it your passwords. As I often say when my kids come to me with their computer problems: "Oy vey!" Don't just change them a little bit either by changing just one number or something. Totally different password, folks. I work in User Access Management for a major company - I know what I'm talking about here. Do it today.

-AZ
 

pgnsucks

Member
Joined
Jun 24, 2006
Messages
168
Location
Central Florida
I think it comes down to how important your password is to someone and where it is stored. There are many great hacker/cracker techs who are dedicated and will spend a great deal of time to get what they want.

Take credit card theft the companies that issue them are quite sophisticated. Yet quite a few brick and mortar stores use older encryption methods and patches to keep and send the data.

I think it's a crap shoot as in this day and age nothing is secure if someone finds it important. It is my opinion that Brick n Mortar stores where you use those nifty debit credit cards are the greatest threat. Identity theft is the largest growing segment of crime in the world. As much as various governments try to eliminate the use of cash that is exactly what I try to use for most purchases.

Also ISP's, Online retailers, Banks etc while you may be secure they might be saving a few bucks by not bringing their systems up to date.
 

kc0vgj

Member
Joined
Dec 11, 2005
Messages
460
Location
INDEPENDENCE, Mo.
71 quadrillion years - on a normal computer


Length: 18 characters
Character Combinations: 77
Calculations Per Second: 4 billion
Possible Combinations: 9 decillion
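
Added example (not part of any post in this thread, and not the site's own code): the figures quoted by n9mxq and kc0vgj can be reproduced offline as pool^length divided by guess rate, so no password has to be typed into a web page. The 365.25-day year, the truncating rounding, the 10^12 and 10^15 guess rates and the 8-character case are assumptions constructed here.

```python
# Offline reproduction of the "time to crack" arithmetic quoted in the thread.
SECONDS_PER_YEAR = 31_557_600  # assumption: 365.25-day year

SHORT_SCALE = ["", "thousand", "million", "billion", "trillion", "quadrillion",
               "quintillion", "sextillion", "septillion", "octillion",
               "nonillion", "decillion", "undecillion", "duodecillion"]

def humanize(n: int) -> str:
    """Truncate n to its leading short-scale unit, e.g. 4420... -> '4 duodecillion'."""
    group = min((len(str(n)) - 1) // 3, len(SHORT_SCALE) - 1)
    return f"{n // 10 ** (3 * group)} {SHORT_SCALE[group]}".strip()

def keyspace(pool: int, length: int) -> int:
    """Number of candidate passwords: pool size raised to the length."""
    return pool ** length

def seconds_to_exhaust(pool: int, length: int, guesses_per_second: int) -> int:
    """Whole seconds needed to try every candidate at the given guess rate."""
    return keyspace(pool, length) // guesses_per_second

def years_to_exhaust(pool: int, length: int, guesses_per_second: int) -> int:
    return seconds_to_exhaust(pool, length, guesses_per_second) // SECONDS_PER_YEAR

# (label, pool size, length): the first two are the figures posted in the thread.
CASES = [
    ("n9mxq: 96 combinations, 20 chars", 96, 20),
    ("kc0vgj: 77 combinations, 18 chars", 77, 18),
    ("constructed: 96 combinations, 8 chars", 96, 8),
]
# 4 billion/s is the rate shown on the page; the faster rates are constructed
# to show how the estimate moves when the attacker is not a "desktop PC".
RATES = [4_000_000_000, 10**12, 10**15]

def report():
    rows = []
    for label, pool, length in CASES:
        for rate in RATES:
            secs = seconds_to_exhaust(pool, length, rate)
            years = secs // SECONDS_PER_YEAR
            shown = f"{humanize(years)} years" if years else f"{secs} seconds"
            rows.append((label, rate, shown))
    return rows

if __name__ == "__main__":
    for label, rate, shown in report():
        print(f"{label:40} @ {rate:>20,} guesses/s -> {shown}")
```

The result is the time to exhaust the whole keyspace of a randomly chosen password, so it is an upper bound only; it says nothing about a password that appears in a guessing dictionary.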
 

wkm

Member
Joined
Mar 26, 2007
Messages
77
Location
WA
If you are going to use a site like that at least use a trusted proxy or perhaps a program such as TOR. But then again if you know of such things then you wouldn't use a password checker in the first place.

BTW, these required password protocols, where sites require you to make a password with a capital, number or some other stupid character, are the least secure. The protocol is open to the public and a dictionary can be created to brute it. At least that is what I have read from articles of password security. Take a look at what programs are out there for network security. Most are written for Linux and are probably only a fraction of a percentage of what is really out there.
 

zz0468

QRT
Joined
Feb 6, 2007
Messages
6,029
...Like I'm going to give any of my passwords to a site that intercepts with a list of JS directives and external domain calls like that!
You could do what I did... put in a similar password, but not the actual correct pw. 77 trillion years for the series of passwords that I use.
 

poltergeisty

Truth is a force of nature
Joined
May 7, 2004
Messages
3,950
Location
RLG, Fly heading 053, intercept 315 DVV
I'm using private browsing mode and a VPN. No cache and everything is wiped on exit. What's the deal?

The fact of the matter is you really don't "crack" the password, you intercept it with a rogue script. It's why I use NoScript. On another forum of mine someone injected a rogue script into the log in and stole passwords.
 

QDP2012

Member
Joined
Feb 8, 2012
Messages
1,901
I'm using private browsing mode and a VPN. No cache and everything is wiped on exit. What's the deal?

The fact of the matter is you really don't "crack" the password, you intercept it with a rogue script. It's why I use NoScript. On another forum of mine someone injected a rogue script into the log in and stole passwords.
NoScript is very useful. Malicious websites which ask users to "enter a password to be tested" do/can act like a man-in-the-middle attack and stealthily steal/intercept the credential information by intercepting it from the origin and forwarding it to the proper target after making a copy of it. Any computer that can be connected in the "middle position" can intercept the information. Security techniques/protocols like tunneling/SSL, etc. can limit exposure to some degree.

Other attack-vectors include the brute-force "frontal assault" which involves password cracker programs that "guess" possible passwords and try them until the correct one is discovered. In this case, there is no interception of a password during its transit from origin to proper target. The heavy-duty server-grade computers are particularly useful in this type of attack.

Hope this helps,
 

pgnsucks

Member
Joined
Jun 24, 2006
Messages
168
Location
Central Florida
I think this is a useful discussion however if individual users strive to keep secure passwords. What happens when the site storing them is not secured with the latest patches and updates.

Again quite a few large brick n mortar retailers, banks, credit card companies etc. store your credit/debit card information on less than secure networks. Then drive by thieves compromise these less than secure networks and get at the information no matter how hard individuals may try to thwart such activity. Within less than 24hrs all credit information is shipped, created and used often to disastrous results. It may take many years to clear the damage of a previously exemplary individual.

Or a larger online retailer's system in order to cut costs does not keep up with the latest security patches and upgrades.

I myself use online sites and credit/debit cards sparingly and try to pay cash. Can everyone live in an antiseptic environment no these are only thoughts to ponder in my opinion.
 

FrensicPic

Member
Premium Subscriber
Joined
Jun 16, 2012
Messages
66
Location
Los Angeles, California
Although no "username" was provided, you still offered up your passwords to a website?

Maybe I'm paranoid about such things but, you may have added those passwords to someone's password "dictionary". :roll:
John
 