Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Use a strong password, as my granddaughter does 3

Status
Not open for further replies.
>Impossible, No... Bruteforce will eventually get that one... but it would take ages

Perhaps you'd like to have a stab at guessing what 'ages' may mean here ...
 

I do write my passwords (sometimes), but as I stated before – I do it in other language, plus it is a description of the password, and not the password itself.

I had a secure key (I don’t have it any more) which had a password of 0546, so I wrote on it something like ‘less than’ (part of a lyric of a song many years ago), six minus one, two plus two, and five plus one – all in other language.

I keep written down other passwords like: the license plate of my car plus 55, or what I call my wife plus her age (she is, for example, 23 for last X years :) )

So in order to guess my passwords, you need to know something about me.


Have fun.

---- Andy
 
ages = a very long time...

the estimated time to crack said pswd:

55347407972105100000000000000000000 hrs.

for a single P4 machine...

where as IBM's Blue Gene could do it in just under:

3773258843786680000000000000 hrs.



Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
I tend to use passwords that are a pseudo-acronym.

One example that I give when training is:

I like to eat cookies at night!

Take the first letter... substitute where you can...

I l 2 e c @ n !

A nice, easy-to-remember, but very strong password.



Just my 2¢

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg
 
>55347407972105100000000000000000000 hrs

So basically unbreakable ...


Having said that ...

>the estimated time to crack said pswd

Estimated where/by who? With what assumtions? That seems ... low.



 
Ah - I think I've found the calculator you used. And I can generate a simlilar result to uypu by making some poor assumptions - such as that the password we are breaking is known to have 1 uppercase character and 31 lowercase alphas. But if we were brute forcing this for real we would no know that. We could perhaps at best assume the password is an unknown mix of upper and lowercase characters.

The calculator doesn't have a line for that, but the calculation is pretty simple:

52^32 possibilities ...

which at the test speeds used in the calculator (and accepting their simple averaging calculation to shrink the search space as valid) come out at:

237,715,307,158,561,000,000,000,000,000,000,000,000,000,000.00 hours

or

9,904,804,464,940,040,000,000,000,000,000,000,000,000,000 days

And even if we accept the calculators rather erroneous assumption that a supercomputer can carry out a comparison in each FLOP, the 2004 Blue Gene only reduces that to

673,796,222,104,765,000,000,000,000,000,000,000 days

whilst using the same (erroneous) assumptions 2010s Tianhe-IA supercomputer (currently fastest in the world) would reduce it to:

18,905,906,594,655,500,000,000,000,000,000,000 days

which is over 51 * 10^27 years ...


 
which is over 51 * 10^27 years ...
and so it is crackable... though we may never see the result, that does not negate the statement: "Bruteforce will eventually get that one...". But lets not nit-pick, it is a VERY VERY strong password, as most people cannot remember even 8 chars let alone 32... ;-)


Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
>But lets not nit-pick, it is a VERY VERY strong password

AH! But it isn't nitpicking. In cryptography the length of time it would take to crack something is an important consideration into whether something is crackable or not. Something that would take this long is considered uncrackable.

I don't think 'ages' or 'difficult' really conveyed this ...
 
My main "secure" pw consists of Welsh, Swiss and German names.



Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

 
Something that would take this long is considered uncrackable.
Ok, I see where you are coming from...

In cryptography the length of time it would take to crack something is an important consideration into whether something is crackable or not.
and yes agreed...

Ben
"If it works don't fix it! If it doesn't use a sledgehammer..."
How to ask a question, when posting them to a professional forum.
Only ask questions with yes/no answers if you want "yes" or "no"
 
However due to the world of "cloud" (I hate that term) computing, these times are being massily reduced. What was "uncrackable" a few years ago, falls in hours / minutes these days. It's a question of finance these days.

Robert Wilensky:
We've all heard that a million monkeys banging on a million typewriters will eventually reproduce the entire works of Shakespeare. Now, thanks to the Internet, we know this is not true.

 
>these times are being massily reduced

You may want to investigate how massive 'massily' actually needs to be before we can consider this particular example crackable via brute force ... (which is not to say that alternative non-brute techniques may not be developed that can crack it in an acceptable timeframe)

There's no cloud solution around that I am aware of that even comes close to the performance of Tianhe-IA

And note that the bottleneck for this is not going to be how quickly the attacker can work through the keyspace, it is going to be how quickly it can test each of those keys - and that'll be limited by the system you are trying to attack ... (so all the numbers above are best-case scenarios)

>It's a question of finance these days

It really isn't for the sort of numbers we are talking about. There are also power consumption limits imposed by something called the Von Neumann-Landauer Limit ...
 
I use a program that stores my passwords in its database. The problem is [small]I need a password to run the program.[/small][cry].

James P. Cottingham
[sup]I'm number 1,229!
I'm number 1,229![/sup]
 
I use Password Safe (with a very strong password) at work and at home.



Greg
People demand freedom of speech as a compensation for the freedom of thought which they seldom use. Kierkegaard
 
ROFLMSO that was so much fun to read . . . I use a 13 digit alphanumeric with special characters capitals and lowercase.
I consider that to be secure enough for most instances . . . but it would not take ALL THAT long to crack if someone really wanted to . . . luckily my need for security is not great . . .

With respect
Wicca

Believe in yourself, you know the answer
 
I'm fine with the reverse of my name and with the combination of my birthdate, im just used to it, whenever something requires a password.

 
I use the number plate of my very first car. No-one else knows what that was.

Fee

"The cure for anything is salt water – sweat, tears, or the sea." Isak Dinesen
 
Welshbird said:
I use the number plate of my very first car. No-one else knows what that was.
Except someone who has access to past DVLA records.

Hackers abound.


-- Francis
In Deo nos confídimus.
Ceteris pariatur.
 
Of course, the forefront to security is not allowing someone to get to a point where they can enter your username/password to begin with.

Using my license plate wouldn't work... it's the same as my HAM radio call letters. :)


Just my 2¢

"What the captain doesn't realize is that we've secretly replaced his Dilithium Crystals with new Folger's Crystals."

--Greg
 
I'm also a ham, and I had a plate with my call letters, but I gave it up when someone broke in and stole an IC-440 HT from the glove box.

The funny thing is, while I had the plate, the validation sticker became faded. I went in for a new sticker, they said they couldn't just replace the sticker, and so they made me an entirely new plate. Your tax dollars at rest.

-- Francis
In Deo nos confídimus.
Ceteris pariatur.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top