Nibiru2012
I found an interesting site to check the passwords one may use in their various websites, email, etc.
Go to: http://howsecureismypassword.net/ to check it. The website jokingly states: Created by smallhadroncollider
For what it's worth, my password would take 5 days to hack.
However, if I change one of the letters to an Upper-Case it would take 252 days!
Information
Here is some info from the FAQ section of the website.
Is This Safe?
It is actually. I'm not harvesting passwords into an evil database. Of course that's exactly the sort of thing I would say if I were harvesting them. And it wouldn't be hard to do it: a couple of lines of code and I'd have all your passwords. Mwuhahahahahaa! But, to be honest, I don't know what I'd do with them. Make a cake perhaps.
The bit of code that does the calculations is done in JavaScript. And JavaScript is a "client-side" language. That means it runs on your computer – not on ours. No data ever travels from your computer back to the website. You can check this by loading up the webpage and then turning off your internet connection. You'll still be able to use the website to your heart's content.
However, for the super-paranoid among you, you could just type in something a bit like your password rather than your actual password. In fact, that's probably a good idea anyway. Just in case I'm lying.
Is This Accurate?
It all depends on who's trying to hack your computer and how they're trying to do it. There are many different ways to try and crack a password and this site only does the calculation for one particular sort of hacking attempt: The Brute Force Attack.
To be honest, it's more likely that the first thing a hacker would try is a Dictionary Attack. This involves trying every word in the dictionary and can be done by a computer in a few seconds. So if your password is just a single word (like "scuttlebutt" or "indubitable") you're probably not very safe.
"Why doesn't the site do a quick check against a dictionary then?", I hear you ask. "Good question", I reply (in interpretative dance). Well, there are two ways I could do that. The first way would be to check the password you type against an online dictionary. But that would involve sending your password over the interwebs, which would be wonderfully insecure. The second way would be to include a full dictionary in the JavaScript file that the site runs on your computer. But that would slow down the site and make the hosting more expensive. So I just don't bother.
Moral of the story? Don't use words out of the dictionary for passwords.
How It Works
It's just a bit of simple maths: (number of possible characters to the power of length of the password) divided by calculations per second.
Length of the password is nice and easy to work out: it's just the number of characters in your password. For example 'cat' has 3 characters and 'monkey' has 12.
"Monkey has 12?", you ask.
"No it doesn't", I reply, "It's got 6. You should probably learn to count."
Calculations per second is a bit more of a figure. On the site it's set to 10,000,000, which is an approximate number of passwords a regular computer might be able to try every second. But it's going to depend on the computer as well as what the password is for. A lot of sites and programs won't let you try more than three passwords in the space of ten minutes, which would render a brute force attack pretty useless.
Number of possible characters is a bit more complicated. For alphanumeric characters it's easy enough: there are 26 possible lowercase characters; uppercase adds another 26; digits add another 10. It gets a bit more tricky after that: there are well over a million other symbols that a computer is capable of putting into a text field – e.g. ?, ß, Й, 葉, . Not all sites and programs can accept these in password fields and different hacking tools will try different non-alphanumeric characters.
Currently this site will only check against the 13 most common symbols in English: ! @ # $ % ^ , & * ? _ ~ -
Any other symbols will be ignored. That's not ideal, but I've not thought of a better system yet.
Here's a site to go to for info on creating secure passwords: http://www.lockdown.co.uk/?pg=password_guide
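The arithmetic the quoted FAQ describes, as an added example that is not part of the original post and is not the site's own code. It also works out the lockout case the FAQ mentions (three tries per ten minutes) and flags dictionary words, which the formula alone cannot see. The function names, the tiny wordlist and the treatment of ignored characters are assumptions made for illustration.

```javascript
// Added example: the brute-force arithmetic from the quoted FAQ.
const SYMBOLS = "!@#$%^,&*?_~-";        // the 13 symbols the FAQ lists
const OFFLINE_RATE = 10_000_000n;       // guesses per second, the FAQ's figure
// Constructed sample wordlist; a real check would use a full dictionary.
const SAMPLE_WORDS = new Set(["scuttlebutt", "indubitable", "monkey"]);

// Assumption: characters outside the four recognised classes are dropped
// from both the pool and the length ("any other symbols will be ignored").
function recognised(password) {
  return [...password].filter(
    (ch) => /[a-zA-Z0-9]/.test(ch) || SYMBOLS.includes(ch)
  );
}

// Pool size: 26 lowercase + 26 uppercase + 10 digits + 13 symbols,
// counting only the classes that actually occur in the password.
function poolSize(chars) {
  let size = 0;
  if (chars.some((ch) => /[a-z]/.test(ch))) size += 26;
  if (chars.some((ch) => /[A-Z]/.test(ch))) size += 26;
  if (chars.some((ch) => /[0-9]/.test(ch))) size += 10;
  if (chars.some((ch) => SYMBOLS.includes(ch))) size += SYMBOLS.length;
  return size;
}

function estimate(password) {
  const chars = recognised(password);
  const pool = poolSize(chars);
  const keyspace = BigInt(pool) ** BigInt(chars.length); // pool ^ length
  return {
    pool,
    length: chars.length,
    // Whole seconds to try every candidate at the FAQ's offline rate.
    offlineSeconds: keyspace / OFFLINE_RATE,
    // Same keyspace behind a lockout of 3 tries per 10 minutes (600 s).
    throttledSeconds: (keyspace * 600n) / 3n,
    // The formula ignores wordlists, so flag dictionary words separately.
    inDictionary: SAMPLE_WORDS.has(password.toLowerCase()),
  };
}

for (const pw of ["cat", "monkey", "Monkey", "scuttlebutt"]) {
  const e = estimate(pw);
  console.log(pw, e.pool, e.length, `${e.offlineSeconds}s offline`,
    `${e.throttledSeconds}s throttled`, e.inDictionary ? "DICTIONARY WORD" : "");
}
```

The offline figure is the time to exhaust the whole keyspace, so "scuttlebutt" scores years by this formula while still falling to the dictionary attack the FAQ describes.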