And all it takes is one data leak to turn that super secure password into yet another hopium idea that it matters how secure said password is
12 chars, 4th column... 2,000 years >> green
18 chars, 3rd column... 6,000,000,000,000 years >> yellow
If you print this chart on toilet paper you'll get more intellectual value out of it than by reading it.
That's only brute force time. There are many algs that can shorten it.
There is that, but there is also that these numbers only apply if the "hacker" has the hash in hand. If someone tried to get into my computer via ssh they couldn't guess a 6 character password in reasonable time.
If that were brute force the only thing that would matter would be length. The character complication of the password is irrelevant to its strength against brute force.
e:
Every single one of you is ignoring the first five words of this reply and it's fucking annoying. The context is brute force, any other method is irrelevant as any other method is not brute force.
If that were brute force the only thing that would matter would be length. The character complication of the password is irrelevant to its strength against brute force.
Wrong. The extra class of characters adds more combinations. For example, an 8 character password of just lowercase letters = 26^8. Add in uppercase and you get 52^8. It's the difference between 5 seconds and 22 minutes per the chart.
None of what you stated makes any difference to what I said.
Yes it adds more complication, but it adds more complication to every length password. So to get to 123456789 you would have to test every 8 length password combination with this new class of characters.
The literal ONLY thing that matters with respect to brute force is password length. That's it.
One does not brute force everything one character after the other. First you do a dictionary attack. Then a number attack, then a lowercase letter attack. With some stepping to vary approaches as length increases.
Just add a second or so to each login attempt. This is already done by bcrypt, luks and probably most other sane systems that are also "timing attack" safe (research.kudelskisecurity.com).
first you do these series of attacks that aren't brute force
Did you even read my post?
If that were brute force
Five words in and the context is set. "brute force".
Coolio it all GAY and SHIT
This is how long it would take a hacker to generate your password randomly over an enormous bucket of passwords
This is not how long it would take to insert the entire list into your account to gain access.
Basically this is irrelevant
Hackers get in - not by randomly generating password.
honestly in a world filled with so much traffic, we can usually just listen and MITM our way in one step at a time.
and once you get on the router side, it's pretty wide open as most people do not consider what "could" be happening (while you are doing it)
This isn't a "hacker" cracking your password; this is a password cracking program that someone would use as a brute force attack on your account.
anyone else remember "correcthorsebatterystaple"?
Why does the chart's color not track value? OCD triggered.
I've cracked 8+ with mixed case and symbols in less than 4s before.
Not typical, but it can happen.
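The figures argued over in this thread can be checked directly. The following is an added example, not part of any post: it derives the offline guess rate implied by the quoted "5 seconds" for 8 lowercase characters, and assumes one guess per second for a throttled online login; the function names are illustrative.

```python
import math

# Sizes of the character classes used in the thread's examples.
CLASSES = {"lower": 26, "upper": 26, "digit": 10}

def alphabet(classes):
    """Total number of distinct characters across the chosen classes."""
    return sum(CLASSES[c] for c in classes)

def keyspace(length, classes):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet(classes) ** length

def keyspace_up_to(length, classes):
    """Candidates covered when every shorter length is tried first."""
    return sum(keyspace(n, classes) for n in range(1, length + 1))

def extra_length_equivalent(base, wider, length):
    """Extra base-alphabet characters that equal widening the alphabet."""
    return length * math.log(alphabet(wider)) / math.log(alphabet(base)) - length

# Offline rate implied by the thread's figure: 26^8 candidates in 5 seconds.
OFFLINE_RATE = keyspace(8, ["lower"]) / 5
# Assumption: a throttled login service allows one guess per second.
ONLINE_RATE = 1.0

def report():
    lower8 = keyspace(8, ["lower"])
    mixed8 = keyspace(8, ["lower", "upper"])
    return {
        # Same length, wider alphabet: 256 times the work, about 21 minutes.
        "mixed_case_8_offline_minutes": mixed8 / OFFLINE_RATE / 60,
        # Trying lengths 1 through 7 first adds only about 4 percent.
        "shorter_lengths_overhead": keyspace_up_to(8, ["lower"]) / lower8,
        # Six lowercase characters against a throttled login service.
        "lower_6_online_years": keyspace(6, ["lower"]) / ONLINE_RATE / (365 * 24 * 3600),
        # Adding uppercase at length 8 is worth about 1.7 more lowercase characters.
        "uppercase_as_extra_chars": extra_length_equivalent(["lower"], ["lower", "upper"], 8),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value:.2f}")
```

Both length and alphabet size enter the exponent-and-base of the same count, and the guess rate available to the attacker (offline hash versus throttled login) shifts every figure by the same factor.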