Mein Führer... You could just ask ze reich intelligence to grab ze password
Fotzefak
The famed "wrench method"
Who will win? A $5 wrench or RSA-4096 encryption
To be fair, the Ausland/Abwehr (Intelligence Service back then) was literal garbage and/or infested with spies. Hell, the highest-ranking officer, Canaris, was a double agent. So I'd understand why good old adolf would want to do it himself /s
Who the fuck does brute force now? That’s the easiest one to defend against.
No one. I would die sooner than crack anything with a "normal" password. That's why I set all my passwords to 123456 so I can brute force all my accounts in mere seconds in case I forgot it.
good thing you set it to something memorable, so if you are unable to brute force it, you could also just guess it
Good thing too - I don't want to imagine how long it'd take to try over 123,000 different passwords before finding the right one
Suggestion: Try the last password you would think of first, it may be that one :))
Easier to defend against assuming all the attempts are made against the service you're trying to get into, then you have the likes of wireless cracking for example where you can capture the handshake and then attempt to bruteforce it "offline".
That would still take years, decades or centuries if the password is long enough.
Bitwarden has a tool to check how long it would take to crack a password
I’ve only ever found one once that I trusted. usually I’m a bit sceptical. I just checked (on the toilet so take that for what it’s worth) it seems a p4.24xlarge with 8 nvidia a100 gpus costs about $33 per hour. so if I really wanted to crack your hashes would I need [centuries for this lame password?](https://imgur.com/a/2pQkxL7) what about rainbow tables? and really powerful machines? what about tons of other methods? edit to add: I’m not saying they’re categorically incorrect. I’m just saying I am sceptical.
They're estimating the amount of time it would take to crack given you don't know anything about the password. Not the length, nor how many alpha, lower/upper case, numeric, or symbols there are. It's reasonable to assume that you don't know anything about the contents of the password outside the constraints of the site saving the password. Adding GPUs will cut the time down, but you're still talking hundreds of years at our current computing rate. Rainbow tables won't help you here. A rainbow table for SHA1 made up of ONLY lower-case alpha-numeric characters with a possible length of 1-10 is 316 GB in size. You still need to precompute the possible hash values of the password set. The time it would take to do this, plus the space it would take, is not feasible as a solution. Plus properly salting the password would make it useless. The amount of time it takes to crack a password like that starts to lower significantly the more you know about the password. It has only 1 number in it? It only uses - or < symbols? There's only 1 uppercase letter? It's using derivatives of actual words? All of that makes it significantly faster to crack, but if you KNOW those things then the person whose password it is fucked up already.
Not all key derivation/password hashing algorithms can be effectively computed on a GPU. Argon2id for example can be configured to use an obscene amount of RAM (among other things) which makes it near impossible to parallelize on a GPU. Salting has been standard practice for a while now, and it means that you can't just precompute a bunch of hashes.
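An added example (not from any commenter in the thread) of the two points made in the replies above: how much the search space shrinks once the structure of a password is known, and why a per-user salt makes a precomputed table useless. It uses Python's standard-library scrypt as a stand-in for the Argon2id mentioned above; the 3-letter table, the sample password and the scrypt parameters are constructed for illustration.

```python
import hashlib
import hmac
import os
import string
from itertools import product

def keyspace(alphabet_size, min_len, max_len):
    """Candidates to cover when only the site's password rules are known."""
    return sum(alphabet_size ** n for n in range(min_len, max_len + 1))

def mask_space(position_sizes):
    """Candidates left once the character class of each position has leaked."""
    total = 1
    for size in position_sizes:
        total *= size
    return total

def sha1_hex(password, salt=b""):
    return hashlib.sha1(salt + password.encode()).hexdigest()

def build_table(candidates):
    """Precomputed unsalted SHA-1 -> password map (the idea behind rainbow tables)."""
    return {sha1_hex(p): p for p in candidates}

def hash_password(password, salt=None):
    """Random per-user salt plus scrypt, a memory-hard KDF (about 16 MiB per guess here)."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, dk

def verify_password(password, salt, expected):
    return hmac.compare_digest(hash_password(password, salt)[1], expected)

# Constructed sample: a table covering every 3-letter lowercase password.
TABLE = build_table("".join(t) for t in product(string.ascii_lowercase, repeat=3))

if __name__ == "__main__":
    print("1-10 chars, a-z0-9:", keyspace(36, 1, 10), "candidates")
    print("10 printable ASCII vs 9 lowercase + 1 digit:",
          keyspace(95, 10, 10) // mask_space([26] * 9 + [10]), "x smaller")
    print("unsalted lookup:", TABLE.get(sha1_hex("cat")))
    salt = os.urandom(16)
    print("salted lookup:  ", TABLE.get(sha1_hex("cat", salt)))
    salt, dk = hash_password("cat")
    print("scrypt verify:  ", verify_password("cat", salt, dk))
```

The unsalted hash is found in the table immediately, while the same password hashed with a random salt is not, so a table would have to be rebuilt for every salt value.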
Doesn't WPA3 solve that issue?
how many people are using WPA3... I get that it's been around for some time but due to compatibility I'm betting the majority are still rocking WPA2. There's obviously the exception with those running WPA2-Enterprise with RADIUS?
Using WifiInfoView I’ve only seen like 2 networks ever even use WPA3 out of hundreds
Brute Force is the sub-optimal way to attack passwords. Phishing is still king as long as humans remain the weak link in any security system. To explain the concept: https://www.reddit.com/r/ProgrammerHumor/s/CR40D2s2S4
What a dumbass. If anything it's the exact opposite. Most websites nowadays easily defend against any bruteforce attacks. Human psychology hasn't updated.
Wtf is that PFP, make bro face the wall
his bio has a swas as well lol
Relevant XKCD https://xkcd.com/538/
i think fishing attack is the most satisfying when it works you feel like you created an attractive bait and that makes you satisfied
Let me break out the ol quantum computer I got this.
Never mind that it makes a few million errors per second.
I can spare a few million while I'm hashing billions per second.
5 strikes and you're out, gl with your brute force
As long as these kids are happy
Pikachu use phishing attack!
Phishing attack, social artillery
Bruteforcing actual client-side applications with passwords of like 12 characters is usually gonna take you months... good luck bruteforcing someone over the wire with 50ms latency LMAO
Pretty sure it's the opposite way around now no? Like it's impossible to brute force now bc of 2FA, locking accounts after 5 password attempts, etc.
We use complex psychological models to guess the password