  1. #1

    mattx

    HOW SECURE IS YOUR PASSWORD ?

    A neat little test, although typing your passwords into a random site that knows your IP address is possibly dumb.

    How Secure Is My Password?

  2. #2

    So does it just tell you that every password you are dumb enough to put into it is now not secure?

  3. #3

    webman

    It doesn't transmit passwords back to the site at all - it's just JavaScript code that runs in your browser.

    But good news - my strongest password will take About 66 quintillion years to crack and my next strongest About a million years

  4. #4

    nephilim

    According to this, mine would take

    "About 740 octodecillion years"

    lol...that's what you get for having a 32 digit letter and number combination password

  5. #5


    tom_newton

    Read the source. Author is a div. For example, adding entropy to your password does not necessarily make it stronger - the possibility of the existence of uppercase (forcing the attacker to use a larger search space) is more important than their actual use, for example. So the password's strength can't be determined by the password alone. Simplistic nonsense. Grr.

  6. #6

    Gatt

    Mine is really secure - it's stuck to the bottom of my keyboard with superglue...

  7. #7

    "the possibility of the existence of uppercase (forcing the attacker to use a larger search space) is more important than their actual use,"

    Disagree.. the attacker is only forced to crack the entire password space when they **know** that password space is enforced, e.g. some kind of complexity checking is turned on. Even then the attacker would be an idiot not to try dictionary-based cracks with something like the JtR rules to get the "MyPassword01!, MyPassword02!, ..." stuff. And if they don't know what password space is enforced, it's opportunistically trying the same JtR-like approach and usually whatever capability rainbow tables they have or have the patience to use.

    Bottom line: "mypassword" falls out relatively quickly regardless of whether more complex passwords are possible.
    Last edited by PiqueABoo; 30th January 2011 at 06:51 PM.

  8. #8

    vikpaw

    Originally posted by tom_newton:
    "Read the source. Author is a div. For example, adding entropy to your password does not necessarily make it stronger - the possibility of the existence of uppercase (forcing the attacker to use a larger search space) is more important than their actual use, for example. So the password's strength can't be determined by the password alone. Simplistic nonsense. Grr."

    I'm sure smoothwall tweeted that or something similar a while back.

    Anyway, in your expert opinion, can you tell us, Does size matter?

  9. #9

    vikpaw

    Actually, maybe it was this that I got off Twitter, interesting info on time to crack password:

    http://www.lockdown.co.uk/?pg=combi

  10. Thanks to vikpaw from:

    JJonas (31st January 2011)

  11. #10


    tom_newton

    @piqueaboo: Looking at standard JTR rules would indeed be a better way to infer "strength" (against that attack at any rate) - maybe I was not clear - yes, an all-lc password (especially a dictionary based one like your example) is more likely to be bruteforced, but if you look at the algorithm used in the site we're talking about, it directly judges strength based on addition of a letter/number/etc. which makes naive assumptions that all attackers will brute passwords in just the same way. I was using lower/upper as just a "first example" here of the quality of the result.

    On a more general level, I would suggest that "brute force" attacks are extremely rare, and as such, a measure of a password's security against brute force is not far from measuring a nation's security by its ability to repel an army of clowns riding unicycles.
    "Not having been typed into an arbitrary website" would be a good starting point for a metric. IMO password entropy between a user's passwords is more important than entropy within.

    Vik: Length? Matters up to a point, but once it's long enough, the rest is just showboating. Interestingly the usual measure of long enough is given as "just over 6" (characters)
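
The disagreement in posts #7 and #10, as an added example that is not part of the thread and is not the code of the site being discussed: a charset-times-length estimate next to a check that undoes common mangling before a dictionary lookup. The wordlist, the substitution table and all function names are small constructed assumptions.

```javascript
// Constructed sample data: a tiny wordlist and a few character substitutions.
const WORDLIST = new Set(["password", "mypassword", "letmein", "qwerty", "dragon"]);
const LEET = { "0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s" };

// Naive estimate: bits = length * log2(charset), where the charset is
// inferred only from the character classes that appear in the password.
function naiveBits(pw) {
  let charset = 0;
  if (/[a-z]/.test(pw)) charset += 26;
  if (/[A-Z]/.test(pw)) charset += 26;
  if (/[0-9]/.test(pw)) charset += 10;
  if (/[^a-zA-Z0-9]/.test(pw)) charset += 33;
  return charset === 0 ? 0 : pw.length * Math.log2(charset);
}

// Undo common mangling: lower-case, drop a trailing run of digits/symbols,
// then reverse the substitutions. Returns every candidate base word.
function baseWords(pw) {
  const stripped = pw.toLowerCase().replace(/[^a-z]+$/, "");
  const unleeted = stripped.replace(/[03457@$]/g, (c) => LEET[c]);
  return [...new Set([stripped, unleeted])];
}

// A password is "dictionary derived" if any candidate base is in the list,
// regardless of how large the naive estimate looks.
function assess(pw) {
  const hit = baseWords(pw).find((w) => WORDLIST.has(w));
  return {
    naiveBits: Math.round(naiveBits(pw)),
    dictionaryDerived: hit !== undefined,
    base: hit || null,
  };
}

// Constructed sample passwords, including the one quoted in post #7.
for (const pw of ["mypassword", "MyPassword01!", "P@ssw0rd2011", "xk7Qv9tLp2Rz"]) {
  console.log(pw, assess(pw));
}
```

A password-policy check built this way rejects "MyPassword01!" even though the naive figure rates it far above the all-lowercase original.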
