this post was submitted on 02 Aug 2023
101 points (94.7% liked)

[–] [email protected] 9 points 2 years ago (8 children)

Don’t most systems lock out accounts after a few failed attempts?

[–] [email protected] 10 points 2 years ago* (last edited 2 years ago) (3 children)

That's not how it typically works. Accounts are usually obtained from a hash file (like what's in your /etc/shadow or whatever the equivalent is in Windows).

In there your typical password looks like a strong string of gibberish characters, but is actually the result of a one way function that processed the original password. When you enter your password, the function is applied to it and the result is compared to the stored one.

To break a password, you have to run stuff through that function (which is slightly computationally expensive, although using GPUs now helps quite a bit) until you find whatever matches the stored string (because it's a one way function). Then you have the original password. This is known as a dictionary attack (because you basically have to run through the whole dictionary).

And this concludes hacking 101 for today.

[–] [email protected] 4 points 2 years ago (1 children)

No, a dictionary attack uses a specific collection of known passwords (usually from leaks/compromised websites etc.) and regular words. Then you apply common substitutions, like a 3 for an e or appending an !. This collection is then called a dictionary.

What you described and is referred to in the infographic is called a brute force attack.
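An added illustration (not code from any commenter) of the mechanism the two comments above describe: the stored value is the output of a slow one-way function plus a salt, a login recomputes it and compares, and a stolen hash file is attacked offline, where account lockout never applies and the cost is just candidates times the work factor. The `$pbkdf2-sha256$...` storage format and the guess-rate numbers are assumptions made up for the example, not the real /etc/shadow syntax.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

SCHEME = "pbkdf2-sha256"


def hash_password(password: str, iterations: int = 600_000, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: $pbkdf2-sha256$<iterations>$<salt b64>$<digest b64>.
    (Constructed format for this example; real systems use crypt(3)/passlib encodings.)"""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$%s$%d$%s$%s" % (
        SCHEME, iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the one-way function with the stored salt and work factor, then compare
    in constant time. Nothing about the original password is stored or recovered."""
    _, scheme, iters, salt_b64, digest_b64 = stored.split("$")
    if scheme != SCHEME:
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), base64.b64decode(salt_b64), int(iters)
    )
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def offline_guess_seconds(raw_hashes_per_second: float, iterations: int, candidates: int) -> float:
    """Time to test `candidates` guesses against one stolen record. A dictionary attack
    has a small candidate count (the wordlist); brute force has alphabet**length.
    Either way each guess costs `iterations` hash calls, which is the defender's lever."""
    return candidates * iterations / raw_hashes_per_second


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("login ok:", verify_password("correct horse battery staple", record))
    # Assumed raw rate of 1e9 SHA-256/s: a 1M-entry wordlist takes 1 ms at one iteration
    # versus 10 minutes at 600k iterations; 62**8 brute force becomes ~4,000 years.
    print(offline_guess_seconds(1e9, 1, 10**6), offline_guess_seconds(1e9, 600_000, 10**6))
```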

[–] [email protected] 1 points 2 years ago

Good point, I might have written that a bit fast.
