5 Quadrillion Years for a desktop PC to crack my password. lol


Sorry if this is in the wrong place.
But I was just curious, as I post a lot of screenshots of my user and pc name, So I found a password tester on PC tech tips.com .

http://www.online-tech-tips.com/computer-tips/test-your-password-strength/

I checked out both of them,
linked on that site.

The first link, is where I got this screenshot from,
and the second link, said that my pswd was "very strong" at a bit under 80%.

I always thought it was probably quite good,
but never knew if it really was or not. lol

I thought some of you might also like to see how good the passwords you have chosen are.
and if they are as good as you thought, or better, or worse?

Mine appears to be better than I thought.

I checked out a couple other passwords i have for minor things,
and one of them would be crackable by a desktop PC in 6 days. But that's the worst I had. Another one i use was 5 years, and one other was about 607 thousand years. lol

Then, I tried the password my sister uses in her PC at her house,
(That i often help her with)So she gives it to me freely,
It would be cracked in...
you ready?....

30 seconds!


wow! lol
I always tell her to change it,
but she always says "eh, its easy to remember"
(and she is an anthropologist) / :lol:

maybe shell change it after this. lol

There are other people close to me, with equally weak passwords for their systems.

Crazy.

Of course, this is only if a single desktop PC was doing the work.

My password is random. I have a PC hooked up to my laptop through a modem that I set up to accept a signal only once every ten minutes. My other computer uses an algorithm I created to create a 128 letter/number string broken up into groups of four for easy reading that it displays on the monitor hooked up to the other screen. It's never connected to the internet. It transmits this password in my config files to change the password on my laptop.

The above is a lie, and I'm pretty sure that thing would tell me I have a very weak password.

My password is random. I have a PC hooked up to my laptop through a modem that I set up to accept a signal only once every ten minutes. My other computer uses an algorithm I created to create a 128 letter/number string broken up into groups of four for easy reading that it displays on the monitor hooked up to the other screen. It's never connected to the internet. It transmits this password in my config files to change the password on my laptop.

The above is a lie, and I'm pretty sure that thing would tell me I have a very weak password.

haha, ohh man.
You had me for a minute!
I was thinking..
"maaan, now that's the kinda stuff I want to learn!" LOL :P

thought you were about to go all 'quantum encryption' on me. :lol:
That stuff fascinates me, but never even in 5 quadrillion years would I grasp some of that stuff. lol

Can't even use ToR properly. haha

Oh yeah.
I wanted to share the one that would take 30 seconds to crack, of my sisters~
"zeezee". lmaoo

My password is random. I have a PC hooked up to my laptop through a modem that I set up to accept a signal only once every ten minutes. My other computer uses an algorithm I created to create a 128 letter/number string broken up into groups of four for easy reading that it displays on the monitor hooked up to the other screen. It's never connected to the internet. It transmits this password in my config files to change the password on my laptop.

My passwords actually *are* random and I don't even bother remembering them. I have a script running on my server that generates them for me based on a hashing algorithm I wrote that takes into account... some stuff. The only one I remember (rated 5 quadrillion years) is that of my SSH private key that I use to connect home. Simple.

My passwords actually *are* random and I don't even bother remembering them. I have a script running on my server that generates them for me based on a hashing algorithm I wrote that takes into account... some stuff. The only one I remember (rated 5 quadrillion years) is that of my SSH private key that I use to connect home. Simple.

so....how do you log in and how many years have you been with NSA?

Something to bear in mind ;)


http://imgs.xkcd.com/comics/security.png

Originally Posted by Xianath
My passwords actually *are* random and I don't even bother remembering them. I have a script running on my server that generates them for me based on a hashing algorithm I wrote that takes into account... some stuff. The only one I remember (rated 5 quadrillion years) is that of my SSH private key that I use to connect home. Simple.

niice!

LOL paqman, nice one. :D

our military builds large clusters with PS3's. lol

niice!

LOL paqman, nice one. :D

our military builds large clusters with PS3's. lol

Not anymore, Sony removed Linux, and I think the military updated the PS3s and lost their clustering ability. I may be wrong, it's hard to tell what actually happened from PS3 fanboy conspirators .

yeah LB, I think you're right.

So, to test the security of my password, I'll need to go to this site I've never heard of before and enter my password?

On it!

5 Quadrillion Years for a desktop PC to crack my password. lol
But I was just curious, as I post a lot of screenshots of my user and pc name, So I found a password tester on PC tech tips.com .

http://www.online-tech-tips.com/computer-tips/test-your-password-strength/
...

Mine appears to be better than I thought.



Except that you've submitted it to a web site, and for all you know that webmaster might have put up that password tester to collect strong passwords for his wordlist. So your password is now included in a dictionary attack, which will be considerably shorter than the 5 quadrillion years you boast.
Moreover, that webmaster can also log your IP address, so he knows on which computer that password you submitted is being used.

If you're going to be paranoid, at least do it right
:)

There's no way! Who would type their passwords into this website? That's insanity!

It takes a huge level of stupidy to enter your password to that site.
The secure password is 32+ in length containing letters, numbers. And even that isn't 100% secure.

I've used some password cracking software and found that characters are what really throws the cracking software for a loop. So add a random symbol in the mix to choke the crackers.

It takes a huge level of stupidy to enter your password to that site.
The secure password is 32+ in length containing letters, numbers. And even that isn't 100% secure.

Hey, you avatar stealer. :(

I prefer using 12345. It's so easy, no one will guess it.

So, to test the security of my password, I'll need to go to this site I've never heard of before and enter my password?

On it!

thats exactly what i was thinking!



I prefer using 12345. It's so easy, no one will guess it.

but, thats probably one of the very first things a "dictionary" attack would try...

Hey, you avatar stealer. :(

I thought that was you for a second. :(

I entered my password and its 151 trillion years. Now I must change it :(

I entered my password and its 151 trillion years. Now I must change it :(

make sure you test your new password as well, to check if it is at least as strong as the old one.

Is This Safe?

It is actually. I'm not harvesting passwords into an evil database. Of course that's exactly the sort of thing I would say if I were harvesting them. And it wouldn't be hard to do it: a couple of lines of code and I'd have all your passwords. Mwuhahahahahaa! But, to be honest, I don't know what I'd do with them. Make a cake perhaps.

The bit of code that does the calculations is done in JavaScript. And JavaScript is a "client-side" language. That means it runs on your computer – not on ours. No data ever travels from your computer back to the website. You can check this by loading up the webpage and then turning off your internet connection. You'll still be able to use the website to your heart's content.

However, for the super-paranoid among you, you could just type in something a bit like your password rather than your actual password. In fact, that's probably a good idea anyway. Just in case I'm lying.
Source (http://howsecureismypassword.net/faq/#safe)

Sounds safe. Anyway:
Desktop password
http://imgur.com/v0kFnl.jpg (http://imgur.com/v0kFn.png)
Server root
http://imgur.com/5Xopxl.jpg (http://imgur.com/5Xopx.png)
Router root
http://imgur.com/CUZtTl.jpg (http://imgur.com/CUZtT.png)

I think I should be safe xD

I tested the system, and I figured the supposed desktop takes between 1 and 10 microseconds to test a password. If it takes one cycle to test a password, that would be between 1 and 10 MHz.

I think I should be safe xD

I think it's making those numbers up.

I wouldn't put my passwords into it, no matter the disclaimer says.

I followed the disclaimers advice and entered something constructed exactly like my password, not my actual password, then entered that :)

My main password says 42 years, but it's not the best password. >.>

My private SSH key says it'll take 237 years. Could be better, I suppose, but meh.

My randomly generated passwords for websites = 2 trillion years. Hurray for password managers.

If anyone wants me to properly check their password with a special application I have created, just PM your password with your IP and I will send you a PM back with an analysis of your password. Please be sure to let me know (only to save me time you see) if this is your desktop password, server etc.

I have a spreadsheet I use for generating passwords and passphrases. The first password it generated gave 6 trillion years to solve. The first passphrase it generated gave 565,892,495,532 nonillion years to solve.

I have a spreadsheet I use for generating passwords and passphrases. The first password it generated gave 6 trillion years to solve. The first passphrase it generated gave 565,892,495,532 nonillion years to solve.
Nice.

Nice.

I'm not to sure about the app. I have root, admin, superuser privileges on computers a work. I tried variations of a common password I see all the time, e.g., P@ssw0rd123, and it gave a million years to crack it.
:lolflag:
Those are the first ones I try if I'm not sure of the root, admin, superuser password on a new system.

And, what does nonillion mean?

Except that you've submitted it to a web site, and for all you know that webmaster might have put up that password tester to collect strong passwords for his wordlist. So your password is now included in a dictionary attack, which will be considerably shorter than the 5 quadrillion years you boast.
Moreover, that webmaster can also log your IP address, so he knows on which computer that password you submitted is being used.

If you're going to be paranoid, at least do it right
:)

Lol, I did.

I took that into consideration,
for about 15 minutes before I actually did it. lol

and I am not paranoid, or I would not have done it. lol

Just curious is all.

and for whatever it's worth, I changed my password slightly after doing this.
I kept it mostly the same, but a majority of it I changed in certain ways ,
and there will be no issues. lol

Boast? lol, I was just repeating the result, not boasting about "how secure i am". lol

Anyone actually look at the sourcecode of the javascript?

I entered my password and its 151 trillion years. Now I must change it :(

yeah that's what I did.

Love how people are throwing around "how stupid" lol.
Maybe if one was a stupid person, it would be stupid to do.
But I am aware of what I need to be aware of.

So whose paranoid now? lol


If anyone wants me to properly check their password with a special application I have created, just PM your password with your IP and I will send you a PM back with an analysis of your password. Please be sure to let me know (only to save me time you see) if this is your desktop password, server etc.

Ohh sweet! what a service!

sending you all my passwords and what they are all for, now! :D
lol

Anyone actually look at the sourcecode of the javascript?

I actually did look at it.
I am not *by far* the best at reading it,
but saw nothing to make me suspicious. lol

Doesn't Ubuntu grade your user account password? I pretty sure the Ubuntu installer gives a rating when you create your password during installation, but i don't know about the availability of that feature afterwards.

a password i use which is important i tried -

says 17,884 nonillion years it would take :D

Anyone actually look at the sourcecode of the javascript?

Yes, I did.

5 Quadrillion Years for a desktop PC to crack my password. lol


Sorry if this is in the wrong place.
But I was just curious, as I post a lot of screenshots of my user and pc name, So I found a password tester on PC tech tips.com .

http://www.online-tech-tips.com/computer-tips/test-your-password-strength/

I checked out both of them,
linked on that site.

The first link, is where I got this screenshot from,
and the second link, said that my pswd was "very strong" at a bit under 80%.

I always thought it was probably quite good,
but never knew if it really was or not. lol

I thought some of you might also like to see how good the passwords you have chosen are.
and if they are as good as you thought, or better, or worse?

Mine appears to be better than I thought.

I checked out a couple other passwords i have for minor things,
and one of them would be crackable by a desktop PC in 6 days. But that's the worst I had. Another one i use was 5 years, and one other was about 607 thousand years. lol

Then, I tried the password my sister uses in her PC at her house,
(That i often help her with)So she gives it to me freely,
It would be cracked in...
you ready?....

30 seconds!


wow! lol
I always tell her to change it,
but she always says "eh, its easy to remember"
(and she is an anthropologist) / :lol:

maybe shell change it after this. lol

There are other people close to me, with equally weak passwords for their systems.

Crazy.

Of course, this is only if a single desktop PC was doing the work.

I imputed my strong OS password and it claimes it would take: About 565 septillion years. But after testing some mundane stuff, its clear the time isn't realistic. :/

I was directed here from a topic that I was posting on

http://ubuntuforums.org/showthread.php?p=9782019#post9782019

after asking the question of a site that is trust worthy. I'm not sure that my question has been answered though. I still think its hard to guarantee the true motifs of any site. As for using a slightly different password, I think it would have to be completely different as if you changed it just slightly and it was logged, then there would be at least an indication to the pattern of the password;

eg.
If you entered "abc123" then changed or had your actual one as "xyz789", the pattern is still the same, 3 letters followed by 3 numbers.

Does any one know off an app like john that runs on Ubuntu these days? Or even how to write something like a spreadsheet that would calculate it in an accurate way?

Yes, I did.

I glanced over it, but didn't see anything bad.. soo.. :P


I was directed here from a topic that I was posting on

http://ubuntuforums.org/showthread.php?p=9782019#post9782019

after asking the question of a site that is trust worthy. I'm not sure that my question has been answered though. I still think its hard to guarantee the true motifs of any site. As for using a slightly different password, I think it would have to be completely different as if you changed it just slightly and it was logged, then there would be at least an indication to the pattern of the password;

eg.
If you entered "abc123" then changed or had your actual one as "xyz789", the pattern is still the same, 3 letters followed by 3 numbers.

Does any one know off an app like john that runs on Ubuntu these days? Or even how to write something like a spreadsheet that would calculate it in an accurate way?

I'm not sure about how to do it via spreadsheet, but I'm curious about it as well.

And, what does nonillion mean?
10^30, or 1000000000000000000000000000000. In other words, well after the degenerate era, shortly before nucleons are starting to decay; the last stars have long since faded from the night sky.

~3 years for SSH private key pass, and of course you would need to get my public and private key files first

My login password for my everyday laptop: About 3 quadrillion years
The password I use for PGP: About 565,892,495,532 nonillion years

Something to bear in mind ;)


http://imgs.xkcd.com/comics/security.png


Seriously, I saw a show where they got professional security guys/hackers to try and break into a companies network. They tried everything and couldn't get in.

They eventually got in by calling the help desk and pretending to be a user and got their password changed...:)

It's always the dumbest/easiest thing that works and usually involves dumb humans.

Social engineering > brute force. The users are the weakest link.

It takes a huge level of stupidy to enter your password to that site.
I think that any sensible user wouldn't submit his/her actual password but something built in a similar way.

For example, if you have a password that is P@5sW0rD, you'd better insert something like U!4hT8fY which is built exactly in the same way but has nothing to do with it.

It takes a huge level of stupidy to enter your password to that site.

Or one could open up Firebug and trivially see that no data is ever actually transmitted to an outside party, nor is anything you type ever stored in any way that would be accessible by a third-party.

Everything is done using JS, which runs locally, confined within your own browser. If your passwords were sent to the server then you'd be an idiot for typing them in. But this website looks to be safe in that respect.

10^30, or 1000000000000000000000000000000. In other words, well after the degenerate era, shortly before nucleons are starting to decay; the last stars have long since faded from the night sky.

haha, beautiful man! :D <3

and I also support wikileaks. :D
Respect <3 lol


Or one could open up Firebug and trivially see that no data is ever actually transmitted to an outside party, nor is anything you type ever stored in any way that would be accessible by a third-party.

Everything is done using JS, which runs locally, confined within your own browser. If your passwords were sent to the server then you'd be an idiot for typing them in. But this website looks to be safe in that respect.

+1

Or one could open up Firebug and trivially see that no data is ever actually transmitted to an outside party, nor is anything you type ever stored in any way that would be accessible by a third-party.

Everything is done using JS, which runs locally, confined within your own browser. If your passwords were sent to the server then you'd be an idiot for typing them in. But this website looks to be safe in that respect.

+1.

Even if you were super paranoid, you could just save it and open in it a VM with no internet access...

15 thousand years to crack my WPA-2 passcode...not bad at all. :D

Everything else was pretty weak though, less than 15 days to crack all my other minor passwords. Perhaps I should remedy that.

The actual reality is that nobody cares about breaking any of your passwords in the first place.

I can not put much stock in an app that calls the following a very strong and complex password

./././././././././


At least the other site says it would take 0 seconds to crack it ;)

The actual reality is that nobody cares about breaking any of your passwords in the first place.

you've never seen logs of or threads about brute force / scripted attacks against, say, ssh on PC's with a public IP address, or threads about trouble with VNC and weak passwords ?

you've never seen logs of or threads about brute force / scripted attacks against, say, ssh on PC's with a public IP address, or threads about trouble with VNC and weak passwords ?

Pretty sure most of those attacks are due to having vino/ssh allowed access to the internet without being properly secured. There are bots that do constant port scans and if they see a service running, they'll try to get in.

Not anymore, Sony removed Linux, and I think the military updated the PS3s and lost their clustering ability. I may be wrong, it's hard to tell what actually happened from PS3 fanboy conspirators .

Nope. The PS3s are stull up and running, the military doesnt hook them up online, so no need for sonys dodgy firmware update.

http://www.tgdaily.com/games-and-entertainment-brief/49779-ps3-firmware-update-causes-headaches-for-us-air-force


Social engineering > brute force. The users are the weakest link.

As always. Nature has never given up on the idea of building better idiots. ;)

So, to test the security of my password, I'll need to go to this site I've never heard of before and enter my password?

On it!

Lol, this.

Pretty sure most of those attacks are due to having vino/ssh allowed access to the internet without being properly secured. There are bots that do constant port scans and if they see a service running, they'll try to get in.

yes, and they don't need passwords for that ?

yes, and they don't need passwords for that ?

Most attacks are dictionary based, so if you use a crappy password, it's your own fault.

Most attacks are dictionary based, so if you use a crappy password, it's your own fault.

my point, earlier, was that a password testing website could be an effective mechanism to populate word lists for dictionary attacks.

It would take
About 565,892,495,532 nonillion years
for a desktop PC to crack your password

of course its not my password :D
i was just trying to get a big number..funny :D:D

Or one could open up Firebug and trivially see that no data is ever actually transmitted to an outside party, nor is anything you type ever stored in any way that would be accessible by a third-party.

Everything is done using JS, which runs locally, confined within your own browser. If your passwords were sent to the server then you'd be an idiot for typing them in. But this website looks to be safe in that respect.

I too confirmed this with both Firebug and some visual inspection of the code. I see nothing unusual.

Just passing through.

<farce>
My password is gribbinfarglezump. See if you can crack it.
</farce>

Heh, password for my spam email accounts would take a quadrillion years to crack. Somehow I doubt that.

I prefer using 12345. It's so easy, no one will guess it.
Yeah, they think, "Who would use such a simple password?" and go out of their way doing advanced things when it could have been hacked years ago.

I thought that was you for a second. :(
So did I.
This thing is not accurate.

5 Quadrillion Years for a desktop PC to crack my password. lol


Sorry if this is in the wrong place.
But I was just curious, as I post a lot of screenshots of my user and pc name, So I found a password tester on PC tech tips.com .

http://www.online-tech-tips.com/computer-tips/test-your-password-strength/

I checked out both of them,
linked on that site.

The first link, is where I got this screenshot from,
and the second link, said that my pswd was "very strong" at a bit under 80%.

I always thought it was probably quite good,
but never knew if it really was or not. lol

I thought some of you might also like to see how good the passwords you have chosen are.
and if they are as good as you thought, or better, or worse?

Mine appears to be better than I thought.

I checked out a couple other passwords i have for minor things,
and one of them would be crackable by a desktop PC in 6 days. But that's the worst I had. Another one i use was 5 years, and one other was about 607 thousand years. lol

Then, I tried the password my sister uses in her PC at her house,
(That i often help her with)So she gives it to me freely,
It would be cracked in...
you ready?....

30 seconds!


wow! lol
I always tell her to change it,
but she always says "eh, its easy to remember"
(and she is an anthropologist) / :lol:

maybe shell change it after this. lol

There are other people close to me, with equally weak passwords for their systems.

Crazy.

Of course, this is only if a single desktop PC was doing the work.
it will take YEARS for anyone to crack my password. because there is no type in password. You need my phone, and my (Secret) GPG key before you can login

it will take YEARS for anyone to crack my password. because there is no type in password. You need my phone, and my (Secret) GPG key before you can login

That sounds very secure, how long does it take to login?

That sounds very secure, how long does it take to login?
5 seconds.
Computer detects cell and asks for GPG key. I drag it into the window that opens up on my android, and it transmits the key to the computer.

5 seconds.
Computer detects cell and asks for GPG key. I drag it into the window that opens up on my android, and it transmits the key to the computer.

That sounds like the type of secutrity that I want on my system.

That sounds like the type of secutrity that I want on my system.
it took me all summer to make the two apps -_-

"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaa"

Will apparently take about 8 octillion years to crack.

it took me all summer to make the two apps -_-

So you made them yourself did you? So could they be used on other systems or is that just specific to your set up?

it took me all summer to make the two apps -_-

You should try selling it in Ubuntu Software Center for Ubuntu 10.10 :)

So you made them yourself did you? So could they be used on other systems or is that just specific to your set up?
setup specific.
I use gentoo.

"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaa"

Will apparently take about 8 octillion years to crack.

Year the whole thing works of the length. It doesn't really have anything to do with the contents of the password its self.

I put my old secret GPG key in (4x1024 bits) (As stated above, I use my GPG key for logging in)

My HD is going to die before you crack the password.

see how secure I am? :D

More secure than yours CJ :D

Not sure how accurate the site is... but it said my password would take... About 20 quintillion years Then again it is now in a Rainbow table and will take less than 3 days. goes to change his password again.

5 seconds.
Computer detects cell and asks for GPG key. I drag it into the window that opens up on my android, and it transmits the key to the computer.

Wow that's pretty cool. :D