11
tanooki
7y

What the heck kinda password rules are these? Getting away from this credit union as soon as possible...

Comments
  • 1
    What about these rules?
  • 0
    @runfrodorun so fucking true
  • 1
    @aitkotw I need to implement that somewhere...
  • 0
    @Anaeijon don't forget to tell me
  • -1
    @runfrodorun I truly doubt you can crack a hash of a password with 10 characters 😉

    Edit: I should probably add that I mean a pbkdf2 hash with 1000 iterations of SHA1 and a 1024-bit random salt. I mean, obviously, right? 😄
  • -1
    @runfrodorun Well if you can zero in on the few characters you need to brute force then sure. Tho it really depends on the kind of hash you're looking at. For example a gpu won't be much use on blowfish hashes as far as I know since they require too much memory.

    Also, do you realise how many combinations of 10-digit passwords there are? Assuming only alphanumeric characters you're looking at 62^10 combinations. That's over 800 000 000 000 000 000 combinations. Btw 3blue1brown has a good video visualising how hard it is to crack SHA256.

    Btw what did you mean by hash transmitted over the network? Like file checksums?

    Anyhow. You seem to be suggesting that breaking any hash is child's play. So how does that go with cryptocurrencies?

    I'm just not very sold on your claims that hash cracking is easy since that flies in the face of almost everything I've learned about hashes.

    Edit: This comment may seem a bit odd because I went back and forth adding bits 😄
  • 0
    @runfrodorun What? This is nonsense. So what you're saying is we should all hash our passwords with unsalted MD5s because anything else will be easier to crack.

    Citing some research would really help here because it really seems like you're pulling stuff out of your ass.
    I'm sorry 😄
  • 0
    @runfrodorun Yea, exactly. So using a better hashing algorithm makes your hashes more secure. Even better if you can run something that is hard to run on a gpu like blowfish.

    As for long passwords. Of course you should use long passwords and the longer the better. But try explaining that to users. Memorizing 20-30 20-letter passwords that share no resemblance is hard, really hard.

    Also, salting your passwords with a good unique salt is a must. This makes it much harder to crack a database of passwords since same passwords won't generate same hashes.
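
The salting and keyspace points made in the comments above, as an added example that is not part of the original thread: it stores passwords with the parameters quoted there (PBKDF2, SHA1, 1000 iterations, 1024-bit random salt), shows that two identical passwords get different stored hashes, and works out the 62^10 keyspace. The function names and the attacker's hash rate are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Parameters quoted in the thread: PBKDF2, SHA-1, 1000 iterations, 1024-bit salt.
ITERATIONS = 1000
SALT_BYTES = 1024 // 8
ALPHANUMERIC = 62   # a-z, A-Z, 0-9
LENGTH = 10


def hash_password(password, salt=None, iterations=ITERATIONS):
    """Return (salt, derived_key); a fresh random salt is drawn per password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    key = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations)
    return salt, key


def verify_password(password, salt, expected_key, iterations=ITERATIONS):
    """Recompute with the stored salt and compare in constant time."""
    _, key = hash_password(password, salt, iterations)
    return hmac.compare_digest(key, expected_key)


def keyspace(alphabet=ALPHANUMERIC, length=LENGTH):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def exhaustive_search_years(hmacs_per_second, iterations=ITERATIONS):
    """Years to try the whole keyspace; each guess costs `iterations` HMAC calls.

    hmacs_per_second is the attacker's raw HMAC-SHA1 rate (an assumed input).
    """
    seconds = keyspace() * iterations / hmacs_per_second
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    # Constructed sample: two users who picked the same password.
    s1, k1 = hash_password("hunter2hunter2")
    s2, k2 = hash_password("hunter2hunter2")
    print("same password, same stored hash?", k1 == k2)
    print("verify ok:", verify_password("hunter2hunter2", s1, k1))
    print("keyspace 62^10:", keyspace())
    # 1e10 HMAC-SHA1 per second is an assumed figure, not a benchmark.
    print("years at assumed 1e10/s:", round(exhaustive_search_years(1e10)))
```

Because the salt is stored next to each hash, it does not need to be secret; its job is to force a separate search per account instead of one search for the whole database.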