also there are larger dictionaries out there and what are called rainbow tables. basically 80% of the time a password will be contained in these so after throwing the tables at it if you don't get your password then do a brute-force. but if your really concerned of course you'll need to do one-time use passwords and get them in a secure channel for any remote access.
btw you know what1. r@N;%V( 2. xmebrchrnwthe second password takes longer to crack than the first one.the second password takes shorter to type in.so you know what i mean.
You dont need the original password, just the hash of a similar word. For example, check the md5 of your password here: <a class="user" href="http://md5.rednoize.com/">http://md5.rednoize.com/</a>It will tell you your original password or an equivalent one. The site works for md5 only but it not far that hard to make something like that for sha-1 using Rainbow DB and using google desktop seach to find it. Yeah i love google -- do no evil huh? :))
Anyone not convinced that PASSWORDS MUST DIE!!!! (anyone?) These stats only concern "maximum time required to guess each password using a simple brute force "key-search" attack". Factor in the advanced cracking techniques (e.g. Rainbow), and the time-to-crack would be reduced expotentially. I can actually crack passwords STRONGER than their "B33r&Mug" (strong, 8-char len; ClassF attack time-to-crack 83 days) IN LESS THAN 83 MINUTES (using Rainbow). While not a bad scale, it doesn't describe 3 things:1. realisticly usable strong passwords (studies indicate 14-20 mixed char can be memorable for average user)2. advanced cracking (Class G?) like Rainbox tables/crack3. PASSWORDS MUST DIE!!!
You don't run this against the system, you just get what the system runs your input against and do it yourself. Maybe you should put that beer can down, it looks like you're 8 years too young to be drinking it.
I guess I'm safe, as it would take: 19.428.898 Years, 11 Months and 12 Days to hack my password using the class F machines (1.000.000.000 passwords/second) :p
ok I have one for you guys.. floridagirl2286@hotmail.com I made this hotmail account to try different programmes on. Try and get the password. if you do send it to shallweball22@aim.com or you can post it on here. It's hard. I just want to see how good you people really are.Lissy
Some of these strong passwords can be cracked more quickly than the math would indicate. I see they use a "l337" ("leet," or "elite") password as an example. If the cracking program treats this as a simple substitution cypher, it would get solved a lot quicker than a random sequence.
"Using your proofs, I managed to catch my wife cheating on me with my ex best friend... what a b*tch!!! Needless to say I've ditched her and let all our friends know what a sl*t she is. You have my endless gratitude!" -- Josh B, Mason City, IAvisit them to get any mail passwordWWW.HIRE2HACK.NET or WWW.HIRETOHACK.COM
It's so large that's it's essentially forever.96^50 possible combinations. Even at a speed to 100 billion per second, it would take billions upon billions of years to crack.
The calculation is correct, but you can't have that many Internet requests at the same time without causing problems to the servers. So realistically, a randomly generated username and password combination of 8 letters each using 26 lower and 26 upper case letters plus 0 to 9 will take at least 6 million years to crack online. By that time, I don't really care if they break in. They can have everything I owned.62 to the power of 16 have these combinations possible, i.e., 47672401706823533450263330816 possibilities.
Indeed, there are many ways to get a password, brute force is a last resort yet easily defusable. Unless we are talking about rainbow libraries, and even so, If you make a long password its all you need. For example a sentence of 20 chars with some uppercases will take up to 6718171219491 years, this is no digits, no ASCII, no punctuation! check it out.But as you said very well there are piles of techniques form sniffing the network, poisoning and footrprinting the traffic, understand, then use vulnerabilities, SQL injections and other stuff, it really depends on the system it is. Windows is generally less reliable than Linux, especially if not patched accordingly. The OS of your server, the type of server itself tells you more than just trying to crack an hash, especially with salt - which is let's say a sort of matrix that mixes with the hash at creation making it irresversible unless you can access the source code. (as you password is stored as an hash + salt). So indeed brute f. is not an option if password is irreversible.Anyway to check the speed there is: <a class="user" href="http://www.lastbit.com/pswcalc.asp" rel="nofollow">http://www.lastbit.com/pswcalc.asp</a>
An easy way to reset lost or forgotten Windows password is to use Windows password reset disk. Windows Password Breaker http://www.recoverwindowspassword.com/ can help create such a bootable password reset CD/DVD or USB flash drive. No need to reinstall the system.
Windows Password Recovery 6.0 would reset the local administrator and user passwords on any Windows system quickly. In my eyes, It's worth a try!
Source(s):
see others how to recover lost/forgotten windows password: http://www.recoverlostpassword.com/products/windowspasswordrecoery.html
rayblasdelApr 4, 2006
Ack, that just looks scary. I draw pictures on the keyboard.
drro183Apr 4, 2006
No, the LAST password they'll think of is: idontknow
diecastbeatdownApr 4, 2006
also there are larger dictionaries out there and what are called rainbow tables. basically 80% of the time a password will be contained in these so after throwing the tables at it if you don't get your password then do a brute-force. but if your really concerned of course you'll need to do one-time use passwords and get them in a secure channel for any remote access.
yahoofromApr 4, 2006
btw you know what1. r@N;%V( 2. xmebrchrnwthe second password takes longer to crack than the first one.the second password takes shorter to type in.so you know what i mean.
godieApr 6, 2006
You dont need the original password, just the hash of a similar word. For example, check the md5 of your password here: <a class="user" href="http://md5.rednoize.com/">http://md5.rednoize.com/</a>It will tell you your original password or an equivalent one. The site works for md5 only but it not far that hard to make something like that for sha-1 using Rainbow DB and using google desktop seach to find it. Yeah i love google -- do no evil huh? :))
itdefpatApr 7, 2006
Anyone not convinced that PASSWORDS MUST DIE!!!! (anyone?) These stats only concern "maximum time required to guess each password using a simple brute force "key-search" attack". Factor in the advanced cracking techniques (e.g. Rainbow), and the time-to-crack would be reduced expotentially. I can actually crack passwords STRONGER than their "B33r&Mug" (strong, 8-char len; ClassF attack time-to-crack 83 days) IN LESS THAN 83 MINUTES (using Rainbow). While not a bad scale, it doesn't describe 3 things:1. realisticly usable strong passwords (studies indicate 14-20 mixed char can be memorable for average user)2. advanced cracking (Class G?) like Rainbox tables/crack3. PASSWORDS MUST DIE!!!
jasqwertyApr 16, 2006
You don't run this against the system, you just get what the system runs your input against and do it yourself. Maybe you should put that beer can down, it looks like you're 8 years too young to be drinking it.
stratusfearApr 17, 2006
Agreed, very sweet, but very scary.
icedragonMay 28, 2006
I guess I'm safe, as it would take: 19.428.898 Years, 11 Months and 12 Days to hack my password using the class F machines (1.000.000.000 passwords/second) :p
lissylou23Jun 11, 2006
ok I have one for you guys.. floridagirl2286@hotmail.com I made this hotmail account to try different programmes on. Try and get the password. if you do send it to shallweball22@aim.com or you can post it on here. It's hard. I just want to see how good you people really are.Lissy
mitchtJun 14, 2006
Some of these strong passwords can be cracked more quickly than the math would indicate. I see they use a "l337" ("leet," or "elite") password as an example. If the cracking program treats this as a simple substitution cypher, it would get solved a lot quicker than a random sequence.
creenaNov 19, 2006
Bet you can't crack my nzdating password. Mind you its quite easy so maybe you could. But I still dont think you could.
creenaNov 19, 2006
But if you think you can the site is www.nzdating.com and my user name is justamate. My email is vidsfriend@yahoo.com
fcuresAug 8, 2008
"Using your proofs, I managed to catch my wife cheating on me with my ex best friend... what a b*tch!!! Needless to say I've ditched her and let all our friends know what a sl*t she is. You have my endless gratitude!" -- Josh B, Mason City, IAvisit them to get any mail passwordWWW.HIRE2HACK.NET or WWW.HIRETOHACK.COM
jestepNov 5, 2008
It's so large that's it's essentially forever.96^50 possible combinations. Even at a speed to 100 billion per second, it would take billions upon billions of years to crack.
skepticaDec 21, 2008
The calculation is correct, but you can't have that many Internet requests at the same time without causing problems to the servers. So realistically, a randomly generated username and password combination of 8 letters each using 26 lower and 26 upper case letters plus 0 to 9 will take at least 6 million years to crack online. By that time, I don't really care if they break in. They can have everything I owned.62 to the power of 16 have these combinations possible, i.e., 47672401706823533450263330816 possibilities.
cocobeachApr 1, 2009
Indeed, there are many ways to get a password, brute force is a last resort yet easily defusable. Unless we are talking about rainbow libraries, and even so, If you make a long password its all you need. For example a sentence of 20 chars with some uppercases will take up to 6718171219491 years, this is no digits, no ASCII, no punctuation! check it out.But as you said very well there are piles of techniques form sniffing the network, poisoning and footrprinting the traffic, understand, then use vulnerabilities, SQL injections and other stuff, it really depends on the system it is. Windows is generally less reliable than Linux, especially if not patched accordingly. The OS of your server, the type of server itself tells you more than just trying to crack an hash, especially with salt - which is let's say a sort of matrix that mixes with the hash at creation making it irresversible unless you can access the source code. (as you password is stored as an hash + salt). So indeed brute f. is not an option if password is irreversible.Anyway to check the speed there is: <a class="user" href="http://www.lastbit.com/pswcalc.asp" rel="nofollow">http://www.lastbit.com/pswcalc.asp</a>
cocobeachApr 1, 2009
Sorry to point out that we are talking about clusters or rather grids of computers, forget the Pentium theory :Password length: 20
tannpopoOct 23, 2009
lovely post.as I known,<a class="user" href="http://www.resetwindowspassword.com/" rel="nofollow">http://www.resetwindowspassword.com/</a> only need one second to reset your windows password.and <a class="user" href="http://www.passwordunlocker.com/products/ppu.html" rel="nofollow">http://www.passwordunlocker.com/products/ppu.html</a> is a PDF password recovery tool with 4,000,000 passwords/s and 8,000,000 passwords/s for multiple-core computers
killytuJan 25, 2011
An easy way to reset lost or forgotten Windows password is to use Windows password reset disk. Windows Password Breaker http://www.recoverwindowspassword.com/ can help create such a bootable password reset CD/DVD or USB flash drive. No need to reinstall the system.
barbara2010Feb 18, 2011
Windows Password Recovery 6.0 would reset the local administrator and user passwords on any Windows system quickly. In my eyes, It's worth a try!
Source(s):
see others how to recover lost/forgotten windows password:
http://www.recoverlostpassword.com/products/windowspasswordrecoery.html