#EGGSCELLENT PHRASE PASSWORD#
It is not some fun and games to crack your school mate password to post "I am stupid" on his wall.
You have to get passwords as soon as you have them and start credential stuffing everywhere to get as much as you can.
#EGGSCELLENT PHRASE CRACKED#
Passwords that you did not cracked you just leave, you don't have incentives to run 12 character full brute force combinations. There are many other optimizations you can come up with. This will let's say get you another 20% of passwords. Now you see other people have stronger passwords, so still instead of going random generate combinations of 2 words and run through database, then you can go with combinations of 3 words. Let's say you get 10% of passwords this way form 100k. Then you can have improved dictionary with l33t sp33k. You can go even further and have list of stupid words already hashed, so now you just need to compare prepared hashes (google rainbow tables), nice optimization. Even though hash algorithm works on characters you just make hashes from dictionary words and compare to hash. So first you get all dumb single passwords from dictionary (love, hate, fuck, password), if you have cracking rig or some beefed up server you will go through 100k passwords and all single words, starting with ones commonly used very quickly (sorry, but math I leave for others). You don't have time to go full brute force, and also you don't even know what was the length of password. You want to crack as much passwords as possible in shortest time. Imagine you got database with 100k passwords to crack. And I don't know of any password generators that generate passphrases by default, Niceware, Diceware, or otherwise.īut if a user wants a passphrase instead, I don't know of a security expert who would recommend 3 words. The right "best answer" for password generation is to use a password manager, no argument there. Moving to 5 randomly generated Niceware words, and it's impractical to attempt cracking the MD5 hash.Ĭherry-picking 3 words is a little dishonest for the discussion surrounding password security. However, jumping to 4 random words grows that time by a factor of 65,536, which means reaching 50% exhaustion would take approximately 1 full year.
#EGGSCELLENT PHRASE CRACKER#
In order to exhaust half of the keyspace, so odds would be in the favor of the password cracker finding the original hash, they would need to search only 140,737,488,355,328 hashes.Īt 307.2 gigahashes per second, this would take approximately 458 seconds, or just under 8 hours using the Niceware list. If that password was hashed with a single pass of vanilla MD5, the Jeremi Gonsey's cluster of 8 Nvidia GTX 1080i GPUs would be running at 307,200,000,000 hashes per second. 3 words chosen randomly is 1 "password" of 281,474,976,710,656 possibilities.
0 kommentar(er)
