Page 3 of 3 FirstFirst 123
Results 31 to 45 of 45

Thread: Personal venting.. ugh.. passwords..

  1. #31
    obfuscated SDK hacker Lightwolf's Avatar
    Join Date
    Feb 2003
    Location
    Stuttgart, Germany
    Posts
    13,611
    Quote Originally Posted by IMI View Post
    In other words, we do still have to fear the above average 19 year old outcast, can't-get-a-date-to-save-his-life, college computer geek with advanced hacking tools?
    Yup: http://3.14.by/en/md5

    Cheers,
    Mike

  2. #32
    Registered User AdamAvenali's Avatar
    Join Date
    Apr 2005
    Location
    Savannah, GA
    Posts
    778
    wow, i started a thread that made it to three pages! that's a first haha

  3. #33
    Quote Originally Posted by Lightwolf View Post
    Yup: http://3.14.by/en/md5

    Cheers,
    Mike
    Hmm, interesting. It is using GPU, am I reading it right?

  4. #34
    Pancakes! IMI's Avatar
    Join Date
    Apr 2007
    Location
    Right Here
    Posts
    7,124
    Quote Originally Posted by art View Post
    Hmm, interesting. It is using GPU, am I reading it right?
    Yeah that's right. Probably the same deal as the [email protected] project which uses your GPU during down time.

  5. #35
    obfuscated SDK hacker Lightwolf's Avatar
    Join Date
    Feb 2003
    Location
    Stuttgart, Germany
    Posts
    13,611
    Quote Originally Posted by art View Post
    Hmm, interesting. It is using GPU, am I reading it right?
    Yup, including SLI/multi-GPU set-ups - and as many CPU cores as the system provides. Mind you, computing md5 hashes is very trivial to run in parallel.

    Basically all it does is compute the md5 has for a sequence of characters and see if it matches the md5 you entered as the target (pass words as usually stored as md5 hashes - which is like an advanced kind of checksum really). Then it tries a different sequence of characters.

    Cheers,
    Mike

  6. #36
    I think I need to increase the lenght of my passwords by a few characters

  7. #37
    Registered User
    Join Date
    Feb 2003
    Location
    Finland
    Posts
    75
    Quote Originally Posted by IMI View Post
    How many possible combinations are there in 8 characters, given 26 letter in the English alphabet and 10 digits, plus cases and special characters?
    I already answered to that question. It's easy enough to calculate. With extended ASCII you have 256 differenct characters in use. So, with one character you'll have 256 different combinations. With two characters you'll have 256*256 combinations etc. So you can count the amount of combinations simply with a formula:

    Code:
    combinations = 256^x, where x = amount of characters
    Thus with 8 characters you'll have 256^8 = 18 446 744 073 709 551 616 possible combinations. So if one would use BarsWF (350 million tries per second) for brute force MD5 cracking it would take (in worst case scenario) approximately 1671 years and some months more. But if you use only lower case characters then your password would crack in little less than 10 minutes in the worst possible scenario (for the cracker that is).

    Remember folks though, if you are using normal words which can be found from a dictionary or which are common names etc your password WILL break in no time.
    Niklas Collin - Finnish Lightwaver

  8. #38
    obfuscated SDK hacker Lightwolf's Avatar
    Join Date
    Feb 2003
    Location
    Stuttgart, Germany
    Posts
    13,611
    Quote Originally Posted by Ember View Post
    8 characters with all ASCII characters = 18 446 744 073 709 551 616 different combinations, 10 characters = 1 208 925 819 614 629 174 706 176 - that's 65536 times more combinations! Oh and if you'll use just lower case US/UK characters: 8 characters = 208 827 064 576 and with 10 = 141 167 095 653 376.

    The difference is staggering, add upper case characters and special characters into your password and you can keep it shorter. Just my two cents into this discussion :P
    The problem is you won't be able to use all 256 characters, more like the alphabet, numbers and common extra characters (roughly 20 or so)... which leaves us with 82 characters or so... heck, make it 100 (most will be filtered out and the others depends heavily on the character set used and aren't really safe unless you've tested them in the system, i.e. öäüß).

    Currently with GPUs you can compute 2 billion hashes per second per 1000US$ invested. 8 characters as described above takes roughly max. 33 days (probably less, I've got the numbers for a slightly slower app), on average half of that though.

    Anything with more than 10 characters is still fairly secure though.

    Cheers,
    Mike

  9. #39
    Registered User
    Join Date
    Feb 2003
    Location
    Finland
    Posts
    75
    Quote Originally Posted by Lightwolf View Post
    The problem is you won't be able to use all 256 characters, more like the alphabet, numbers and common extra characters (roughly 20 or so)... which leaves us with 82 characters or so... heck, make it 100 (most will be filtered out and the others depends heavily on the character set used and aren't really safe unless you've tested them in the system, i.e. öäüß).
    Very true, that's why I stated "in the worst possible scenario". It's theoretically possible to use the full extended ASCII range but in practice no one will use it. And if you want to go wild you'll use UTF-8 in all it's glory (or heck, even UTF-32!). Typing only strange special symbols as your password in UTF-8 you'll most likely prevent all possible cracking attempts. The fact that you won't most likely remember your password after that is a completely different matter
    Niklas Collin - Finnish Lightwaver

  10. #40
    LightWave documentation BeeVee's Avatar
    Join Date
    Feb 2003
    Location
    Pessac
    Posts
    5,051
    That's why I use KeePass' password generator. It makes a password of whatever legnth you like composed of characters like this: XEA3ne9vPkGy0rjYaVdv (an actual password, but I'm not saying which site for... ) and then for ones I need to remember and not just store, I use a line from a poem or song, or quote from a film - something on the order of 30 chars or so. Sure it's words, but using Camel case or l33t number transposition helps.

    B
    PS. I can thoroughly recommend xmarks too!
    Ben Vost - NewTek LightWave 3D development
    LightWave 3D Trial Edition
    AMD Threadripper 1950X, Windows 10 Pro 64-bit, 32GB RAM, nVidia GeForce GTX 1050Ti (4GB and 768 CUDA cores) and GTX 1080 (8GB and 2560 CUDA cores) driver version 430.86
    AMD FX8350 4.2 GHz, Windows 7 SP1 Home Premium 64-bit, 16GB RAM, nVidia GeForce GTX 1050Ti (416.34, 4GB and 768 CUDA cores)
    Dell Server, Windows 10 Pro, Intel Xeon E3-1220 @3.10 GHz, 8 GB RAM, Quadro K620
    Laptop with Intel i7, nVidia Quadro 2000Mw/ 2GB (377.83 and 192 CUDA cores), Windows 10 Professional 64-bit, 8GB RAM
    Mac Mini 2.26 GHz Core 2 Duo, 4 GB RAM, 10.10.3

  11. #41
    Fórum áss clówn Hopper's Avatar
    Join Date
    Jan 2005
    Location
    Austin
    Posts
    3,393
    Quote Originally Posted by IMI View Post
    But is there anything that CAN'T be cracked? I find it difficult getting my head around the possibility even software can figure out even an eight character password within any reasonable time period.
    Like I told some students a while back - If it's turned on... it can be hacked. When it's not turned on... it can be stolen (then hacked). If someone wants the information bad enough, they can get it.

    With the right equipment I can grab everything off your system even if it's not connected to a network. If I can get close enough, I can take it while sitting in your driveway eating a ham sandwich.
    Playing guitar is an endless process of running out of fingers.

  12. #42
    Registered User AdamAvenali's Avatar
    Join Date
    Apr 2005
    Location
    Savannah, GA
    Posts
    778
    Quote Originally Posted by Hopper View Post
    I can take it while sitting in your driveway eating a ham sandwich.
    Note to self: do not invite hopper to my driveway with ham sandwich

  13. #43
    Fórum áss clówn Hopper's Avatar
    Join Date
    Jan 2005
    Location
    Austin
    Posts
    3,393
    Quote Originally Posted by AdamAvenali View Post
    Note to self: do not invite hopper to my driveway with ham sandwich


    No worries.. I no longer use my powers for evil. I got a little overconfident in college once and got caught. They put me on the "bad list of boys and girls". I was too pompus to consider that there might be someone out there smart enough to catch me. Live and learn. There's always someone out there that's better.
    Playing guitar is an endless process of running out of fingers.

  14. #44
    Pancakes! IMI's Avatar
    Join Date
    Apr 2007
    Location
    Right Here
    Posts
    7,124
    I wanna know where the ham sammich comes in, why it's been apparently revealed as necessary, and what hardships are created for the hacker if you substitute ham with turkey.

  15. #45
    Fórum áss clówn Hopper's Avatar
    Join Date
    Jan 2005
    Location
    Austin
    Posts
    3,393
    Quote Originally Posted by IMI View Post
    I wanna know where the ham sammich comes in, why it's been apparently revealed as necessary, and what hardships are created for the hacker if you substitute ham with turkey.
    Hacking without a sandwich is sacrilege. Technically it should be a cheese sandwich (ala Hitchhikkers Guide), but I prefer the pig. You wouldn't want a hungry hacker anyway. A hungry hacker soon gets grumpy and turns into an a-ss hat and causes damage. Ahhh the days when hacking was a respectable endeavor. It had an understood civility to it. I miss those days. Now the term is fraught with implications of thievery and destruction. 'Real' hackers used to get into places they weren't supposed to be just for the fun of it, leave a little calling card and call it a day. Now it's all about stealing and destroying nformation and monetary gain. What a shame.
    Playing guitar is an endless process of running out of fingers.

Page 3 of 3 FirstFirst 123

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •