Passwords. Get an idea of how long it will take to crack yours.

Pass phrase is the key folks. A simple sentence, or even random words.

"Horse whiskey monkey cheese basin" would need "15.08 thousand trillion trillion trillion centuries" to crack, apparently.
 
Adding length will always be more secure than adding symbols

Yeah, I'm starting to see that now. All my important passwords are long phrases with symbols scattered about, but I can see now that just sheer length will do the job!

EDIT:
Also, people, I feel it's important to point out that this site is NOT meant to show you how STRONG your password is. He even says it if you scroll down:

It is NOT a “Password Strength Meter.”

Read what he's written under that; he's explained it very well as to what he's trying to get at with this site.
 
I always think the common 8 character, mixed caps/numbers thing is stupid. Far better to pick 4 or 5 words and put them together - as this thing shows... the password I use for my wireless key would take:

Online Attack Scenario:
(Assuming one thousand guesses per second) 1.21 hundred thousand trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 1.21 billion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 1.21 million centuries
 
It would be handy if you could add your own guesses per second figure, that way I could figure out how secure a keepass file is for example
 
Online Attack Scenario:
(Assuming one thousand guesses per second) 1.34 billion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 13.44 trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 13.44 billion centuries
 
This is why complex password policies are crap. Having to type and remember "1)pOhd.£e" is much less secure than "LOLIgotaverydifficultpassword"

Cute example, but you neglect the shortcuts which can be taken by testing dictionary words.

It depends on the words you string together and the breakers you use in between or around.
 
No matter how long and secure your password is, if you use the same one on multiple sites the chances of it being stolen are high. Remember if they don't encrypt your password it doesn't matter how long it is if it's leaked. Similarly if you're logging into an HTTP (non-S) site and someone's sniffing your traffic (ignoring man-in-the-middle HTTPS attacks) game over also :p.

I tend to use different passwords for things I care about and a random shortish one for throwaway accounts. I don't use it but Keepass is good for that.
 
Doing some tests with random passwords yields interesting results:

Any random 9 letters in lower case gives:

1.80 centuries, 56.47 seconds and 0.0565 seconds.

Replacing any one of the 9 letters with any symbol changes the results to:

2.80 thousand centuries, 1.02 days and 1.47 minutes.
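
Added example (not part of any post above, and not the site's own code): the length-and-alphabet arithmetic behind these figures, with a user-supplied guesses-per-second rate and a word-list model for the dictionary shortcut raised earlier in the thread. It reproduces the 56.47 seconds and 1.02 days quoted above; the sample passwords, the 7776-word list size and the slow rate are assumptions.

```python
import string

# Character classes: 26 lower, 26 upper, 10 digits, 33 symbols (punctuation + space).
# Characters outside ASCII (for example "£") are not counted in this sketch.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Rates quoted in the thread, plus one made-up slow rate for a key-stretched file.
RATES = {
    "online": 1e3,
    "offline fast": 1e11,
    "massive array": 1e14,
    "slow KDF (assumed figure)": 1e4,
}

def alphabet_size(password):
    """Sum the sizes of every character class the password touches."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def search_space(password):
    """All strings of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def wordlist_space(n_words, wordlist_size):
    """Guesses needed when whole words are tried instead of characters."""
    return wordlist_size ** n_words

def seconds_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate in `space`."""
    return space / guesses_per_second

def report(space, rates=RATES):
    """Worst-case seconds to search `space` at each named rate."""
    return {name: seconds_to_exhaust(space, r) for name, r in rates.items()}

if __name__ == "__main__":
    samples = ["qzjxkvwpm", "qzjx#vwpm", "Horse whiskey monkey cheese basin"]
    for pw in samples:  # first two are constructed; third is from the thread
        print(pw, search_space(pw), report(search_space(pw)))
    # Same phrase, modelled as 5 picks from a 7776-word list (assumed list size).
    words = wordlist_space(5, 7776)
    print("5 words / 7776-word list:", words, report(words))
```

The character-level count only holds if every character is chosen at random; for a phrase built from common words, the word-list count is the number that bounds the search.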
 
Forum Password, which is the password I use on most forums and unimportant internet things. Least it's quick to type lol

Online Attack Scenario:
(Assuming one thousand guesses per second) 3.19 months
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 0.0835 seconds
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 0.0000835 seconds
 
The guy who made this, Steve Gibson, is legit. He hosts a great podcast called Security Now on the TWiT network. The calculations for your password are done client side; I remember him talking about how he went to great lengths to get that to work.

I do remember him saying though that the point of the page wasn't as a straight lol my password would take 100 million years to crack. It's more a show of the effectiveness of entropy.

Here's the podcast for those interested on the page itself. http://twit.tv/show/security-now/303
 
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 0.000806 seconds
Appropriate username. :D

For me:

Online Attack Scenario:
(Assuming one thousand guesses per second) 2.48 hundred trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 2.48 million centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 2.48 thousand centuries

I'm ok with that. ;)
 
Online Attack Scenario:
(Assuming one thousand guesses per second) 1.20 thousand centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 10.45 hours
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 37.61 seconds
 