Filed under: Internet, Security, Web services, Open Source
Brute Force Calculator finds your password's staying power
Pay Hackosis a visit, and try out their Brute Force Calculator, an Open Source PHP app based on an Excel spreadsheet from Mandylion Labs.
Hackosis' calculator asks for details about your password - not the password itself. Using the information you provide and some quick computational Kung Fu, you'll get a rough idea of how long it would take someone to discover the correct secret word.
If you use as many web apps as we do, strong, secure passwords are essential. Even if your passwords come from a password generator like LastPass, it never hurts to test them.
[ via gHacks ]

Reader Comments (Page 1 of 1)
Todd said 5:19PM on 11-11-2008
My results:
"...Your password is 22 characters long and has 569,507,798,450,466,482,558,217,486,336 combinations. It takes 2,071,857,301,236,255,744.00 hours or 86,327,387,551,510,656.00 days to crack your password on computer that tries 137,438,953,472 passwords per hour."
I think I am good for the moment.
Martin said 5:25PM on 11-11-2008
Todd, that's if the attacker uses one computer :)
Infinityvers said 6:55PM on 11-11-2008
I have been told to use both upper case and lower case letters and numbers too.
But if I use this in the calculator, I get a worse result than if I had used only upper case or lower case letters.
Can someone explain this please?
Infinityvers said 7:00PM on 11-11-2008
Using both lower case and upper case letters seems to be the same as using only upper or lower.
justaguy said 11:00PM on 11-11-2008
Wait a second...
According to the site: 137,438,953,472 password attempts an hour,
which is 2,290,649,224 a minute
which is 38,177,487 a second.
38 million passwords a second on a "typical PC processor in 2008" ????
That seems a little high to me.
sicsided said 12:09AM on 11-12-2008
Who says you'll be using your CPU?
Get 4 graphics cards crunching those numbers with their processors and you can hit that number easily.
agashka said 1:53AM on 11-12-2008
I second that, using CUDA, you're supposed to do about 130,000,000/sec
And I've been developing an md5 cracker (as a side project) that takes advantage of multicore computers, cracking @ (only) ~20,000,000/sec per core.
Split the work, do the math, and you got yourself any password beaten in no time.
Stuart Halliday said 8:56AM on 11-12-2008
The fact is that any decent GUI has to process the entered password and then after say 10 times it will lock you out for at least 10 minutes.
If it's a web site, then entering passwords via a POST url will never be more than 100 a second even with fast broadband.
I'd like to think sites like PayPal or banks will have measures to stop hundreds of password attempts on the one account?
If you allow a password hacking program on your computer it still has to scan your files for passwords. So it's the way these files are encrypted that is important.
So the times are meaningless.
José said 2:57PM on 11-12-2008
I second that.
kemmler said 10:33AM on 1-05-2009
It's not meaningless. The attacker theoretically intercepts the hash of your password, cracks it at their leisure locally, then comes back and enters it once they get a result.
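The estimate discussed in the post and comments above, as an added example (not the calculator's own code): it counts candidate passwords under two models and divides by the guess rates quoted on this page, so the offline and throttled online cases can be compared side by side. The function names, the 32-symbol alphabet and the by-position counting model are assumptions; the calculator's actual formula is not shown on this page, though a by-position count does treat mixed case the same as single case.

```python
from fractions import Fraction

# Characters per class. The symbol count (32 printable ASCII) is an assumption.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "symbol": 32}

# Guesses per second, from figures quoted on this page (labels are ours).
RATES = {
    "calculator default": Fraction(137_438_953_472, 3600),
    "GPU figure (comments)": Fraction(130_000_000),
    "web login via POST": Fraction(100),
    "lockout 10 per 10 min": Fraction(10, 600),
}

def keyspace_union(length, classes):
    """Every position may hold any character from all classes in use."""
    return sum(CLASS_SIZES[c] for c in set(classes)) ** length

def keyspace_by_position(counts):
    """Assumed model: the attacker knows which class sits in each position,
    so each position contributes only the size of its own class."""
    total = 1
    for cls, n in counts.items():
        total *= CLASS_SIZES[cls] ** n
    return total

def hours_to_exhaust(space, rate_per_second, machines=1):
    """Worst-case hours to try every candidate; the average is half of this."""
    return Fraction(space) / (Fraction(rate_per_second) * machines * 3600)

def report(space):
    """Map each rate label to worst-case hours for the given keyspace."""
    return {name: hours_to_exhaust(space, rate) for name, rate in RATES.items()}

if __name__ == "__main__":
    mixed = {"lower": 4, "upper": 2, "digit": 2}  # constructed 8-character sample
    for label, space in [("by position", keyspace_by_position(mixed)),
                         ("union", keyspace_union(8, mixed))]:
        print(f"{label}: {space:,} candidates")
        for name, hours in report(space).items():
            print(f"  {name:<22} {float(hours):,.2f} hours")
```

The gap between the offline and lockout rows is the practical point: rate limiting only protects the login form, while the offline rates apply once a password hash has been obtained.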