I thought the ideal combination was a somewhat complex password as well as a exponential backoff/lockout period?
If you thought an 8 char password would be safe because it was complex you are wrong. It takes just 6 hours for our team to brute force the entire 8 character password space and only 4 minutes if your password is 7 characters. https://www.criticalstart.com/2019/08/cracking-hashes-with-cthulhu/ …https://twitter.com/CharlesDardaman/status/1139219224591814656 …
-
-
-
If you want to slowdown brute force attempts on a webpage/network service then lockouts are great, if the attacker has the hashes to crack then lockouts are useless because they will log in with the correct password whenever its cracked.
- Još 4 druga odgovora
Novi razgovor -
-
-
But does your password complexity support model take into consideration people who type REALLY loud and if they fat finger it, have to type it, REALLY loud, again?
-
You should just shout at
@TheVega next time - Još 1 odgovor
Novi razgovor -
-
-
So true. What character range does this include?
-
For brute forcing? All characters
Kraj razgovora
Novi razgovor -
-
-
Since we have finally finished putting together our newest hash cracker we have some benchmarks to share. CC everyone who worked on it:
@M3chSec@paragonsec@BlaiseBrignac@WeDemMoezpic.twitter.com/ERkrNlR2yY
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Read that it doesn't really make a big difference which characters you use in your password and that concatening unrelated words would be as good as a random string the same length. Is this true?
-
Tweet je nedostupan.
- Još 5 drugih odgovora
Novi razgovor -
-
-
It is at this time I'd like to start using magic as my authentication mechanism. Magic is entirely irrational so just try to get a computer to crack its hashes. It is also multifactor as I need to know the spell AND have my wand in order to log in.
-
A that point we may not need to crack anything. It would only a matter of time until someone develops a Spell casting replay attacks and Wand-ID impersonation hardware.
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.