+ Post New Thread
Results 1 to 10 of 10
General Chat Thread, HOW SECURE IS YOUR PASSWORD ? in General; A neat little test, although typing your passwords into a random site that knows your IP address is possibly dumb. ...
  1. #1

    mattx's Avatar
    Join Date
    Jan 2007
    Posts
    9,249
    Thank Post
    1,061
    Thanked 1,070 Times in 626 Posts
    Rep Power
    741

    HOW SECURE IS YOUR PASSWORD ?

    A neat little test, although typing your passwords into a random site that knows your IP address is possibly dumb.

    How Secure Is My Password?

  2. #2

    Join Date
    Aug 2007
    Location
    Liphook
    Posts
    58
    Thank Post
    4
    Thanked 2 Times in 2 Posts
    Rep Power
    15
    So does it just tell you that every password you are dumb enough to put into it is now not secure?

  3. #3

    webman's Avatar
    Join Date
    Nov 2005
    Location
    North East England
    Posts
    8,422
    Thank Post
    645
    Thanked 967 Times in 667 Posts
    Blog Entries
    2
    Rep Power
    328
    It doesn't transmit passwords back to the site at all - it's just javascript code that runs in your browser.

    But good news - my strongest password will take About 66 quintillion years to crack and my next strongest About a million years

  4. #4

    featured_spectre's Avatar
    Join Date
    Nov 2008
    Posts
    12,505
    Thank Post
    1,684
    Thanked 2,054 Times in 1,491 Posts
    Blog Entries
    2
    Rep Power
    464
    according to this mine would take

    "About 740 octodecillion years"

    lol...thats what you get for having a 32 digit letter and number combination password

  5. #5


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    Read the source. Author is a div. For example, adding entropy to your password does not necessarily make it stronger - the possibility of the existance of uppercase (forcing the attacker to use a larger seachspace) is more important than their actual use, for example. So the password's strength can't be determined by the password alone. Simplistic nonsense. Grr.

  6. #6

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,820
    Thank Post
    883
    Thanked 685 Times in 454 Posts
    Rep Power
    505
    Miine is really secure - its stuck to the bottom of my keyboard with superglue...

  7. #7

    Join Date
    Jan 2006
    Location
    Surburbia
    Posts
    2,178
    Thank Post
    74
    Thanked 307 Times in 243 Posts
    Rep Power
    116
    the possibility of the existance of uppercase (forcing the attacker to use a larger seachspace) is more important than their actual use,
    Disagree.. the attacker is only forced to crack the entire password space when they **know** that password space is enforced e.g. some kind of complexity checking is turned on. Even then attacker would be an idiot not to try dictionary based cracks with something like the JtR rules to get the "MyPassword01!, MyPassword02!, ..." stuff. And if they don't know what password space is enforced, it's opportunistically try the same JtR-like approach and usually whatever capability rainbow tables they have or have the patience to use.

    Bottom line: "mypassword" falls out relatively quickly regardless of whether more complex passwords are possible.
    Last edited by PiqueABoo; 30th January 2011 at 07:51 PM.

  8. #8

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    775
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    Quote Originally Posted by tom_newton View Post
    Read the source. Author is a div. For example, adding entropy to your password does not necessarily make it stronger - the possibility of the existance of uppercase (forcing the attacker to use a larger seachspace) is more important than their actual use, for example. So the password's strength can't be determined by the password alone. Simplistic nonsense. Grr.
    I'm sure smoothwall tweeted that or something similar a while back.

    Anyway, in your expert opinion, can you tell us, Does size matter?

  9. #9

    vikpaw's Avatar
    Join Date
    Sep 2006
    Location
    Saudi Arabia
    Posts
    5,956
    Thank Post
    775
    Thanked 1,487 Times in 1,234 Posts
    Rep Power
    367
    actually maybe it was this that i got off twitter, interesting info on time to crack password:

    http://www.lockdown.co.uk/?pg=combi

  10. Thanks to vikpaw from:

    JJonas (31st January 2011)

  11. #10


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    @piqueaboo: Looking at standard JTR rules would indeed be a better way to infer "strength" (against that attack at any rate) - maybe I was not clear - yes, an all-lc password (especially a dictionary based one like your example) is more likely to be bruteforced, but if you look at the algorithm used in the site we're talking about, it directly judges strength based on addition of a letter/number/etc. which makes naive assumptions that all attackers will brute passwords in just the same way. I was using lower/upper as just a "first example" here of the quality of the result

    On a more general level, I would suggest that "brute force" attacks are extremely rare, and as such, a measure of a password's security against brute force is not far from measuring a nation's security by its ability to repel an army of clowns riding unicycles.
    "Not having been typed into an arbitrary website" would be a good starting point for a metric. IMO password entropy between a user's passwords is more important than entropy within.

    Vik: Length? Matters up to a point, but once it's long enough, the rest is just showboating. Interestingly the usual measure of long enough is given as "just over 6" (characters)



SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 4
    Last Post: 6th May 2014, 08:25 PM
  2. Replies: 1
    Last Post: 23rd November 2010, 11:34 AM
  3. Is this secure?
    By Hightower in forum Windows Server 2000/2003
    Replies: 4
    Last Post: 17th June 2010, 12:26 PM
  4. Replies: 6
    Last Post: 13th April 2009, 07:29 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •