Filed under: Internet, Security, Web services, Open Source
Brute Force Calculator finds your password's staying power
Pay Hackosis a visit, and try out their Brute Force Calculator, an Open Source PHP app based on an Excel spreadsheet from Mandylion Labs.
Hackosis' calculator asks for details about your password - not the password itself. Using the information you provide and some quick computational Kung Fu, you'll get a rough idea of how long it would take someone to discover the correct secret word.
If you use as many web apps as we do, it's essential to use strong, secure passwords. Even if you use a password generator like LastPass, it never hurts to test them.
[ via gHacks ]
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Todd said 5:19PM on 11-11-2008
My results:
"...Your password is 22 characters long and has 569,507,798,450,466,482,558,217,486,336 combinations. It takes 2,071,857,301,236,255,744.00 hours or 86,327,387,551,510,656.00 days to crack your password on computer that tries 137,438,953,472 passwords per hour."
I think I am good for the moment.
Reply
Martin said 5:25PM on 11-11-2008
Todd that's if the attacker uses one computer :)
Reply
Infinityvers said 6:55PM on 11-11-2008
I have been told to use both upper case and lower case letters and numbers too.
But if I use this in the calculator, I get worse result than if I had used only upper case or lower case letters.
Can someone explain this please?
Reply
Infinityvers said 7:00PM on 11-11-2008
Using both lower case and upper case letters seems to be the same as using only upper or lower.
Reply
justaguy said 11:00PM on 11-11-2008
Wait a second...
According to the site: 137,438,953,472 password attempts an hour,
which is 2,290,649,224 a minute
which is 38,177,487 a second.
38 million passwords a second on a "typical PC processor in 2008" ????
That seems a little high to me.
Reply
sicsided said 12:09AM on 11-12-2008
Who says you'll be using your CPU?
Get 4 graphics cards crunching those numbers with their processors and you can hit that number easily.
agashka said 1:53AM on 11-12-2008
I second that, using CUDA, your supposed to do about 130,000,000/sec
And I've been developping a md5 cracker (as side project) that take advantage of multicore computers, cracking @ (only) ~20,000,000/sec per cores.
Split the work, do the math, and you got yourself any password beaten in no time.
Reply
Stuart Halliday said 8:56AM on 11-12-2008
The fact is that any decent GUI has to process the entered password and then after say 10 times it will lock you out for at least 10 minutes.
If it's a web site, then entering passwords via a POST url will never be more than 100 a second even with fast broadband.
I'd like to think sites like Paypal or Banks will have measures to stop hundreds of password attempts on the one account?
If you allow a password hacking program on your computer it still has to scan your files for passwords. So it's the way these files are encrypted that is important.
So the times are meaningless.
Reply
José said 2:57PM on 11-12-2008
I second that.
kemmler said 10:33AM on 1-05-2009
It's not meaningless. The attacker theoretically intercepts the hash of your password, cracks it at their leisure locally, then comes back and enters it once they get a result.
Reply