diesch at spamfence.net
Sat Dec 9 11:47:25 UTC 2006
Knapp <magick.crow at gmail.com> wrote:
> For you programmers out there how long does it take your computer to
> count to 100,000,000? That is how long it takes to guess your
> password, if it is the last one the computer tries and your password
> is 8 digits long!
If you have 64 characters to use for passwords (you have more) then
there are 64^8=281,474,976,710,656 possible passwords.
If you could check 1,000,000 passwords a second it would take you about
4.5 years on average to crack a password.
> 1000 accounts that I am cracking and I tell my computer to do it for
> me then all I have to do is go on vacation come home a week later and
> get your money or whatever. Do I care that the computer only broke the
> first 500 easy ones? NO! But do you? YES!! Because you were smart and
> had the hardest one! Also easy marks breed more thieves! Thus YOU do
> care about those 500 bad passwords.
When I was an administrator for a university computer lab a few years
ago we regularly tried to crack users' passwords to find the weak ones.
Usually we cracked the first 10 passwords in less than 10 seconds.
If you want to play with this have a look at john:
,----[ john ]
| Package: john
| Description: active password cracking tool
| john, mostly known as John the Ripper, is a tool designed to help systems
| administrators to find weak (easy to guess or crack through brute force)
| passwords, and even automatically mail users warning them about it, if it
| is desired.
| It can also be used with different cyphertext formats, including Unix's
| DES and MD5, Kerberos AFS passwords, Windows' LM hashes, BSDI's extended DES,
| and OpenBSD's Blowfish.
| Homepage: http://www.openwall.com/john/
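
The arithmetic from this exchange as an added example, not part of the original post: it estimates the average exhaustive-search time for a password from the character classes it actually uses, and flags those that fall below a threshold. The function names, the class sizes, the one-year threshold and the sample passwords are assumptions constructed for illustration.

```python
import string

# Character classes an exhaustive search would have to cover (assumed sizes).
CLASSES = [
    set(string.digits),            # 10
    set(string.ascii_lowercase),   # 26
    set(string.ascii_uppercase),   # 26
    set(string.punctuation),       # 32
]
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the smallest union of classes that covers the password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside every class (space, non-ASCII) are counted one by one.
    known = set().union(*CLASSES)
    return size + len({c for c in password if c not in known})


def keyspace(alphabet, length):
    """Number of candidate passwords of exactly this length."""
    return alphabet ** length


def average_seconds(alphabet, length, guesses_per_second):
    """On average the search succeeds after half the keyspace."""
    return keyspace(alphabet, length) / 2 / guesses_per_second


def audit(passwords, guesses_per_second=1_000_000, min_years=1.0):
    """Return (password, seconds) pairs whose average search time is too short."""
    weak = []
    for pw in passwords:
        secs = average_seconds(alphabet_size(pw), len(pw), guesses_per_second)
        if secs < min_years * SECONDS_PER_YEAR:
            weak.append((pw, secs))
    return weak


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw, secs in audit(["12345678", "password", "Xk4!pQ9z"]):
        print(f"{pw!r}: about {secs:,.0f} s on average")
```

This is an upper bound on effort: passwords built from dictionary words fall much faster than the exhaustive-search figure suggests.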