Passwords. Get an idea of how long it will take to crack yours.

Soldato
Joined
17 Apr 2006
Posts
3,165
Location
3rd rock...
OcUk check this out if youre bored...

https://www.grc.com/haystack.htm
Its a secure website (HTTPS)

Test your passwords here or make one up (following your USUAL pattern of password creation) to see how secure it is.

The difference is that this site also gives you an idea of how long it would take to crack your password using a brute-force attack.

Its important that you create a password like you NORMALLY do otherwise you wont get an honest idea of how secure they are - So for example if you never use symbols in your passwords dont use symbols when you test them.

View the results and then chuck some symbols in and see the difference it makes :D

I typed in one of my most secure passwords (and Im crazy on symbols). My results:

------------------------------------------------------------------------
Search Space Depth (Alphabet): 26+10+33 = 69
Search Space Size (as a power of 10): 4.88 x 1060

Time Required to Exhaustively Search this Password's Space:Online Attack Scenario
(Assuming one thousand guesses per second)
1.55 trillion trillion trillion trillion centuries

Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)
15.51 thousand trillion trillion trillion centuries

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)
15.51 trillion trillion trillion centuries
------------------------------------------------------------------------

Hahaha pretty sha-weet :o
 
Last edited:
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 1.04 seconds

Not very secure!
 
Haha, the one i use for logging on to my pc/laptop would be cracked in 0.029 seconds in a Massive Cracking Array scenario :o

oops
 
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 2.29 minutes

For work system

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 0.0000835 seconds :eek:
 
Thats not really a great indication i.e. there are still sites out there that store your password as an 8byte hash for instance so regardless of how complex and non-dictionary you make it it won't be overly secure. Some sites will use intelligent throttling or account locking to prevent brute force attempts and so on which would increase the time even with a weak password.


Just simply putting .. at the start of a weak password will work wonders too atm.
 
Last edited:
I think my truecrpyt password is safe.:p

Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 30.36 million trillion trillion trillion trillion trillion centuries
 
Interesting idea though I don't think that the more powerful techniques are applicable to most real world scenarios.
 
Online Attack Scenario: (Assuming one thousand guesses per second) 7.39 thousand trillion trillion trillion trillion centuries
Massive Cracking Array Scenario: (Assuming one hundred trillion guesses per second) 73.87 thousand trillion trillion trillion centuries
:D

I think that my passwords are fairly decent, but as others have said if the hashing algorithms for online sites aren't suitable then it's not going to be as secure as you think.
 
Back
Top Bottom