Heresiarch Guild: Passwords - Heresiarch Guild


Passwords

#1 User is online   Guinthel 

  • Just Awful
  • PipPip
  • Group: Members
  • Posts: 1,270
  • Joined: 20-July 08
  • Gender:Male
  • Location:Wrathbloods basement

Posted 20 October 2011 - 05:49 PM

http://unwrongest.co...sword-strength/

my wow password is 1 year 5 months, beat that.
0

#2 User is offline   diablorojo 

  • Member
  • PipPip
  • Group: Members
  • Posts: 192
  • Joined: 23-June 10
  • Gender:Male

Posted 20 October 2011 - 06:23 PM

Guinthel, on 20 October 2011 - 05:49 PM, said:

http://unwrongest.co...sword-strength/

my wow password is 1 year 5 months, beat that.

ok mine is 23 years and 11 months lol
0

#3 User is offline   Sobeyet 

  • Very impressed with myself
  • PipPipPip
  • Group: Root Admin
  • Posts: 5,430
  • Joined: 02-November 07
  • Gender:Male
  • Location:NY

Posted 20 October 2011 - 06:25 PM

Guinthel, on 20 October 2011 - 05:49 PM, said:

http://unwrongest.co...sword-strength/

my wow password is 1 year 5 months, beat that.


Mine is 1 year 5 months too. Brb, logging into Gunther's account and jacking all his gold.
0

#4 User is offline   Deceax 

  • Not as good as Sobe, possibly better than Gunther
  • PipPip
  • Group: Members
  • Posts: 1,837
  • Joined: 19-December 09
  • Gender:Male
  • Location:Atlanta, GA

Posted 20 October 2011 - 09:07 PM

Quote

Your password is forceable in 609 years, 11 months

l2strongpassword
"Hey yo I'm gonna be on ti dop that's all my eyes can see
Victory is mine yeah surprisingly
I've been laying waiting for your next mistake
I put in work and watch my status escalate" - Gang Starr
0

#5 User is offline   Wrathblood 

  • Better than Gunther
  • PipPipPip
  • Group: Officers
  • Posts: 3,419
  • Joined: 17-August 07
  • Gender:Male
  • Location:the sticks

Posted 20 October 2011 - 09:16 PM

9 hours and 51 minutes!

And it's only that high because I changed it relatively recently. My prior password was perhaps the counterpart to Deceax, clocking in at a whopping 16 minutes and 33 seconds. Letters and numbers don't get you as far as they used to.
Tarquin lives his life by the two great secrets of success:

1. Don't reveal all you know
0

#6 User is offline   Sobeyet 

  • Very impressed with myself
  • PipPipPip
  • Group: Root Admin
  • Posts: 5,430
  • Joined: 02-November 07
  • Gender:Male
  • Location:NY

Posted 20 October 2011 - 09:18 PM

Wrathblood, on 20 October 2011 - 09:16 PM, said:

My prior password was perhaps the counterpart to Deceax, clocking in at a whopping 16 minutes and 33 seconds.


blockizgr8lol969
0

#7 User is offline   Wrathblood 

  • Better than Gunther
  • PipPipPip
  • Group: Officers
  • Posts: 3,419
  • Joined: 17-August 07
  • Gender:Male
  • Location:the sticks

Posted 20 October 2011 - 09:29 PM

Did you actually run that through the site, Sobie?

Your password is forceable in 539886407674 years, 11 months
Tarquin lives his life by the two great secrets of success:

1. Don't reveal all you know
0

#8 User is offline   Deceax 

  • Not as good as Sobe, possibly better than Gunther
  • PipPip
  • Group: Members
  • Posts: 1,837
  • Joined: 19-December 09
  • Gender:Male
  • Location:Atlanta, GA

Posted 20 October 2011 - 09:29 PM

Some tips. If you have a password that is just a dictionary word, you are bad, but we can make it better. Let's say you love "gonads" and use that as your pass.

Quote

gonads - Your password is forceable in less than one second

The first step is going all l33tsp33k and replacing letters with numbers. So "gonads" becomes "g0n4d5".

Quote

g0n4d5 - Your password is forceable in less than one second

Uh-oh, that didn't do the trick, because dictionary attacks know l337 and will substitute just like we did. But this is part of building a strong pass; we can add some more trickery to make this stronger. Let's add a pin number to the password and see how this fares. How about 1337? Let's distribute this key into the password: "1g0n343d57".

Quote

1g0n343d57 - Your password is forceable in 14 days, 21 hours

Well, that certainly helped, but we can do better. Special characters add a bit more complexity, so look at that number row of keys on your keyboard and pick 2 of your favorite characters above the numbers and add them to the start and end. Let's say $ and *, giving us *1g0n343d57$

Quote

*1g0n343d57$ - Your password is forceable in 110698 years, 7 months

MISSION ACCOMPLISHED. And deep down you still know that your password is balls.
"Hey yo I'm gonna be on ti dop that's all my eyes can see
Victory is mine yeah surprisingly
I've been laying waiting for your next mistake
I put in work and watch my status escalate" - Gang Starr
0

#9 User is offline   Kaai 

  • Loves Feet
  • PipPip
  • Group: Members
  • Posts: 236
  • Joined: 06-July 11
  • Gender:Female
  • Location:Florida
  • Interests:Rawr I is bear

Posted 20 October 2011 - 09:30 PM

so the higher the number the better it is?

mine's 90,131,245 years, 9 months

in other words my password is godly
Careful this bear know kung fu.
0

#10 User is offline   Sobeyet 

  • Very impressed with myself
  • PipPipPip
  • Group: Root Admin
  • Posts: 5,430
  • Joined: 02-November 07
  • Gender:Male
  • Location:NY

Posted 20 October 2011 - 09:34 PM

Wrathblood, on 20 October 2011 - 09:29 PM, said:

Did you actually run that through the site, Sobie?

Your password is forceable in 539886407674 years, 11 months


Wtf.

Goddamn op paladins need to be nerfed to the ground.
0

#11 User is offline   Deceax 

  • Not as good as Sobe, possibly better than Gunther
  • PipPip
  • Group: Members
  • Posts: 1,837
  • Joined: 19-December 09
  • Gender:Male
  • Location:Atlanta, GA

Posted 20 October 2011 - 09:35 PM

Also, longer is much, much better and will increase the brute force time a lot. The unfortunate part to all of this is that most passwords are not brute forced. Social engineering is a much more effective way of getting someone's password. The simplest one is the phishing attempts you see all the time when a "blizzard gm" whispers you some broken engrish directing you to a site where you enter your login credentials.
"Hey yo I'm gonna be on ti dop that's all my eyes can see
Victory is mine yeah surprisingly
I've been laying waiting for your next mistake
I put in work and watch my status escalate" - Gang Starr
0

#12 User is offline   Wrathblood 

  • Better than Gunther
  • PipPipPip
  • Group: Officers
  • Posts: 3,419
  • Joined: 17-August 07
  • Gender:Male
  • Location:the sticks

Posted 20 October 2011 - 09:36 PM

Looks like mixing it up makes each character take longer to guess, and then making it longer makes it exponentially more difficult from there. So if you've got something really simple, each character is fast to guess (especially if it's an easy pattern, like a word), so making it longer helps but not really very much. But if you start adding funky characters and make it a non-word, each character starts taking a while, and then adding more characters suddenly makes it a LOT longer.

Like, I didn't make up that time for Sobie's silly block password. 539,886,407,674 years (rounding down) is pretty spiffy, and it's mostly because it's just long. Toss in an ascii character or something and you'd be essentially unforceable.
Tarquin lives his life by the two great secrets of success:

1. Don't reveal all you know
0

#13 User is offline   Sobeyet 

  • Very impressed with myself
  • PipPipPip
  • Group: Root Admin
  • Posts: 5,430
  • Joined: 02-November 07
  • Gender:Male
  • Location:NY

Posted 20 October 2011 - 09:40 PM

Also:

Password - 1111111111111111111111111111111111111
Your password is forceable in 113249257084873540000 years


Methinks I found a gap in the logic.

Deceax, on 20 October 2011 - 09:35 PM, said:

Social engineering is a much more effective way of getting someone's password.


You mean like building a website with a "password strength" tester and see how many dumbasses actually post their password?
0

#14 User is offline   Deceax 

  • Not as good as Sobe, possibly better than Gunther
  • PipPip
  • Group: Members
  • Posts: 1,837
  • Joined: 19-December 09
  • Gender:Male
  • Location:Atlanta, GA

Posted 20 October 2011 - 09:43 PM

Here's a fun Wikipedia page on brute forcing passwords. http://en.wikipedia....te-force_attack . Basically the longer the better. An interesting side note to brute forcing is something called a "rainbow table" which is used to break encrypted passwords. When you have a database full of passwords you want to encrypt them so if someone hacks into your server they can't dump out a big ass file of plain text passwords. However, a rainbow table is a set of dictionary passwords that have been encrypted using a popular encryption algorithm and you can quickly check the hashed password value against your downloaded database and get the plain text password. Encryption is fun; always salt your hashes. http://en.wikipedia....i/Rainbow_table

Quote

You mean like building a website with a "password strength" tester and see how many dumbasses actually post their password?

Yes.
"Hey yo I'm gonna be on ti dop that's all my eyes can see
Victory is mine yeah surprisingly
I've been laying waiting for your next mistake
I put in work and watch my status escalate" - Gang Starr
0
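
An added example, not part of Deceax's post: why identical unsalted hashes fall to one precomputed table while per-user salts do not. It uses a plain lookup table over a constructed four-word list (a real rainbow table compresses such a table with hash chains) and PBKDF2 with an assumed round count.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist; real precomputed tables hold millions of entries.
WORDLIST = ["password", "dragon", "gonads", "letmein"]

def unsalted(password: str) -> str:
    """Fast, unsalted digest: the same password always maps to the same value."""
    return hashlib.sha256(password.encode()).hexdigest()

# Built once, reusable against every database that stores unsalted() values.
LOOKUP = {unsalted(word): word for word in WORDLIST}

def salted(password: str, salt: bytes = b"", rounds: int = 100_000):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, digest

def verify(password: str, salt: bytes, expected: bytes, rounds: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = salted(password, salt, rounds)
    return hmac.compare_digest(digest, expected)

def demo() -> dict:
    # Two users pick the same weak password.
    rows = [unsalted("gonads"), unsalted("gonads")]
    salt_a, hash_a = salted("gonads")
    salt_b, hash_b = salted("gonads")
    return {
        "unsalted_rows_identical": rows[0] == rows[1],
        "unsalted_recovered": LOOKUP.get(rows[0]),
        "salted_rows_identical": hash_a == hash_b,
        "salted_in_table": hash_a.hex() in LOOKUP,
        "login_still_works": verify("gonads", salt_a, hash_a),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the hash; it is not secret. Its job is to make a table computed in advance useless, so each stored row has to be attacked separately.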

#15 User is offline   Sobeyet 

  • Very impressed with myself
  • PipPipPip
  • Group: Root Admin
  • Posts: 5,430
  • Joined: 02-November 07
  • Gender:Male
  • Location:NY

Posted 20 October 2011 - 09:46 PM

Deceax, on 20 October 2011 - 09:43 PM, said:

Here's a fun Wikipedia page on brute forcing passwords. http://en.wikipedia....te-force_attack . Basically the longer the better. An interesting side note to brute forcing is something called a "rainbow table" which is used to break encrypted passwords. When you have a database full of passwords you want to encrypt them so if someone hacks into your server they can't dump out a big ass file of plain text passwords. However, a rainbow table is a set of dictionary passwords that have been encrypted using a popular encryption algorithm and you can quickly check the hashed password value against your downloaded database and get the plain text password. Encryption is fun; always salt your hashes. http://en.wikipedia....i/Rainbow_table


So it doesn't really matter what it is (see above), as long as it's long enough. (That's what she said)
0

#16 User is offline   Deceax 

  • Not as good as Sobe, possibly better than Gunther
  • PipPip
  • Group: Members
  • Posts: 1,837
  • Joined: 19-December 09
  • Gender:Male
  • Location:Atlanta, GA

Posted 20 October 2011 - 09:57 PM

Yes, length is the most important for adding time to a brute force algorithm. A brute force algo basically tries every combination of characters, increasing in length each iteration. So the ASCII table of characters which most people would use has 256 characters; this includes such characters as line breaks and unprintable characters, so most likely a little smaller since people rarely use these in passwords. Let's do some statistics! n = password length. The total possible combinations for password lengths goes:
n=1 255^1;
n=2 255^2;
n=3 255^3;
etc.
If you want to be fancy, use Unicode characters. Valid Unicode characters are in the range of 0-190,000 currently, but you will most likely create a password that is too cumbersome to input on a regular basis. This has awoken my inner nerd and I think I will write a brute force algo with increasing length passwords of arbitrary characters and see how long it takes to crack -_-
"Hey yo I'm gonna be on ti dop that's all my eyes can see
Victory is mine yeah surprisingly
I've been laying waiting for your next mistake
I put in work and watch my status escalate" - Gang Starr
0
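
An added example, not part of any post in the thread: the length-and-charset arithmetic described above, run on passwords quoted in the thread, together with the gap Sobeyet noticed with the 37-character run of 1s. The character-class pool sizes and the guess rate are assumptions, not the tester site's actual method.

```python
import string

# Assumed pools: only these four ASCII classes are counted.
POOLS = [
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
]

def pool_size(password: str) -> int:
    """Alphabet an exhaustive search must cover, judged by classes present."""
    size = sum(n for chars, n in POOLS if any(c in chars for c in password))
    return size or 256  # no ASCII class matched: fall back to a full byte

def guesses_to_exhaust(password: str) -> int:
    """Every string of length 1..n over the pool: c^1 + c^2 + ... + c^n."""
    c, n = pool_size(password), len(password)
    return sum(c ** k for k in range(1, n + 1))

def naive_years(password: str, guesses_per_second: float = 1e9) -> float:
    """Worst-case exhaustive-search time; the rate is an assumed figure."""
    return guesses_to_exhaust(password) / guesses_per_second / (365.25 * 24 * 3600)

def structure_warnings(password: str) -> list:
    """Cheap checks that a length-and-charset estimate cannot see."""
    warnings = []
    if len(set(password)) <= 2:
        warnings.append("one or two distinct characters")
    if password.isdigit():
        warnings.append("digits only")
    return warnings

if __name__ == "__main__":
    # Passwords quoted in the thread.
    for pw in ["gonads", "1g0n343d57", "*1g0n343d57$", "1" * 37]:
        print(f"{pw!r}: pool={pool_size(pw)} years={naive_years(pw):.3g} "
              f"warnings={structure_warnings(pw)}")
```

By this arithmetic the run of 37 ones outscores `*1g0n343d57$` by many orders of magnitude, because nothing in the formula looks at structure, only at length and character classes.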

#17 User is offline   Sobeyet 

  • Very impressed with myself
  • PipPipPip
  • Group: Root Admin
  • Posts: 5,430
  • Joined: 02-November 07
  • Gender:Male
  • Location:NY

Posted 20 October 2011 - 09:59 PM

Deceax, on 20 October 2011 - 09:57 PM, said:

Yes, length is the most important for adding time to a brute force algorithm. A brute force algo basically tries every combination of characters, increasing in length each iteration. So the ASCII table of characters which most people would use has 256 characters; this includes such characters as line breaks and unprintable characters, so most likely a little smaller since people rarely use these in passwords. Let's do some statistics! n = password length. The total possible combinations for password lengths goes:
n=1 255^1;
n=2 255^2;
n=3 255^3;
etc.
If you want to be fancy, use Unicode characters. Valid Unicode characters are in the range of 0-190,000 currently, but you will most likely create a password that is too cumbersome to input on a regular basis. This has awoken my inner nerd and I think I will write a brute force algo with increasing length passwords of arbitrary characters and see how long it takes to crack -_-


I got bored so I went and watched this:


0

#18 User is offline   Hesher 

  • Member
  • PipPip
  • Group: Members
  • Posts: 487
  • Joined: 30-September 11
  • Gender:Male

Posted 22 October 2011 - 12:41 PM

I thought the most common luggage combo was 2222 lol.
0

#19 User is offline   Morbidus 

  • Black
  • PipPip
  • Group: Members
  • Posts: 324
  • Joined: 25-April 08
  • Gender:Male
  • Location:Hartford, CT

Posted 22 October 2011 - 02:54 PM

only 53 years.....smh
0

#20 User is offline   Len 

  • Member
  • PipPip
  • Group: Root Admin
  • Posts: 1,157
  • Joined: 04-January 08
  • Gender:Male
  • Location:Bloomington, IN

Posted 23 October 2011 - 06:40 AM

XKCD covered this, as with all things that matter:

Posted Image
That which doesn't kill you gets to try again later.
0
