That's only brute force time; there are many algs that can shorten it.
There is that, but there is also that these numbers only apply if the "hacker" has the hash in hand. If someone tried to get into my computer via ssh they couldn't guess a 6 character password in reasonable time.
If that were brute force the only thing that would matter would be length. The character complication of the password is irrelevant to its strength against brute force.
e:
Every single one of you is ignoring the first five words of this reply and it's fucking annoying. The context is brute force, any other method is irrelevant as any other method is not brute force.
If that were brute force the only thing that would matter would be length. The character complication of the password is irrelevant to its strength against brute force.
Wrong. The extra class of characters adds more combinations. For example, an 8 character password of just lowercase letters = 26^8. Add in uppercase and you get 52^8. It's the difference between 5 seconds and 22 minutes per the chart.
None of what you stated makes any difference to what I said.
Yes it adds more complication, but it adds more complication to every length password. So to get to 123456789 you would have to test every 8 length password combination with this new class of characters.
The literal ONLY thing that matters with respect to brute force is password length. That's it.
One does not brute force everything one character after the other. First you do a dictionary attack. Then a number attack, then a lowercase letter attack. With some stepping to vary approaches as length increases.
Just add a second or so to each login attempt. This is already done by bcrypt, luks and probably most other sane systems that are also "timing attack" safe (research.kudelskisecurity.com).
first you do these series of attacks that aren't brute force
Did you even read my post?
If that were brute force
Five words in and the context is set. "brute force".