How secure is your passwod Sup Forums?

Keepass mate

oh wew

here ya go lads
github.com/howsecureismypassword/hsimp

>thinking "nazi jokes are fucked up and abnormal" is virtue signalling
kekkington

"correct horse battery staple" is mine.

I have it from a comic I found on the internet.
They say it's much more secure that any password that is made of numbers and symbols.

I can't remember the link, though.

What jokes?

Pol is this way:
http://

user, I see that you're new! Let me help you!
To link to another board you don't need to use http:// prefix (use https when possible, by the way).
The proper way is just you were halfway there!
Secondly, /trash/ is not Sup Forums, Sup Forums is Sup Forums. You probably got trolled a little, but no worries, it happens to everyone!

>>>/Reddit/
>>>/Tumblr/
Get the fuck off my board nigger snowflake

There's no need to use such crass language, user!
First of all, there's no reason to think that user is black!
Secondly, Sup Forums is a national-socialist anime imageboard and national-socialism is for everyone. Why would skin color matter?

you are like little baby

>how secure is my password?
>let me type it into this website!

Literally how?

>12,751,349,217,300,716,000,000,000,000 QUINQUAGINTILLION YEARS
Pretty good password.

Typing your password to some website

It'll take longer than the heat death of the universe

this website is based on the faulty premise that people check "easy" passwords first

everyone expects you to have long, "hard" passwords so they never check the easy ones, hence my password is actually safer than anyone else's in this thread

>93 trillion years for my bios password
>16 billion years for my login password
>2 quattuordecillion years for my email.
>8 million years for my iPhone (which deletes after 10 incorrect guesses - no fingerprint ever used for unlock).
>1 trillion years for my bank account.
>4 sextillion years for my paypal.
>2 duodecillion years for my credit card account.

I think I'm fairly secure.

...

passwords with fewer than 8 characters get brute forced instantly, you're delusional

That "random 4 word" infographic is no bullshit after all

Download the source to a thumb drive and plug it into a computer that's not connected to the internet if you're so fucking paranoid

If a person is using a bruteforce, and you have cast as wide a net as you can, it will take 20 seconds. Example: Av15!?

There is no 6 digit password that is safe against a bruteforce, unless you're talking about something like an iPad, where you only get 10 tries before it wipes the phone.

Or you could just load the page, disconnect from the internet, type it out, then clear the cache, cookies, etc before reconnecting.

Drop random chars instead of spaces and you it's even safer.

Or you can just open dev tools and check if any inputs are being sent.

did you even read what i said? are you retarded?

they won't check my password first, they'll check yours first since that's what they expect you to have.

how stupid are you if you don't realize this? you're like a person who claims that hiding your key under your doormat is better since it's more effort to lift the doormat. well guess what, that's where they're going to check first.

can devtools see websocks yet?

too obvious, user

Passworld123abc

Thanks, youve just contributed to our rainbow table database.

No spaces famalam

Is your password "qwerty"? Because that's mine and my screen looks the same

Any way to get more than 2 years with 6 chars?
I tried.

Wow newfag

yos

I am jewish can I be national socialist?

Absolutely. You do know that Hitler named quite a few Jews honorary aryans, right?

>not using the built in Sup Forums version

>[pass]************[/pass]
>Your password is more secure than 91% of users.

Eat it fags

try mixing accented latin uppercase with lowercase greek, uppercase cyrillic, unicode dingbat symbols, math operators and miscellaneous symbols

It's still incorrect, they have not taken Moore's Law into account. Especially not with quantum computing.

>Passworld123abc

Security bot: "123 in caps please."

...

does it work?
[pass]Metropolitain3718[/pass]

shit how do i delete my post????

Why? All I can see is [pass]****************[/pass]

Saw that too

is this site a placebo?

>using passwords

...

Reddit

added to my dicionary

...

Oy vey goyim how did you manage to accomplish this?

It would be very antisemitic of you to not tell me.

...

kek

>JustBuildMyRainbowTablesForMe.com

Are xkcd passwords any good? I'm usually using www.nul.space/dicepassc to generate password with 4 long words. There are 7776 words in used dictionary. xkcd only counts with 2048 words in dict, but 1000 guesses per second. This website uses 10^9 guesses per second, meaning xkcd stats get cracked in 5 hours, dicepassc stats in only 42 days.

Doesn't fit in the field

Same. And for "forever" fags, all you have to do is increase the entropy within Keepass.

But even then, with Keepass it's easy to automatically remind you to change passwords, regen on the spot, update and you're done.

90 quadrilion yrs

by computer they meant q6600 level cpu

this clearly doesn't take into account multi gpu brute forcing lol

how many hashes per second is then realistic? website claims to count with 10 billion

I'm not compromising my password by entering it into a website.
But I use names of military hardware in my passwords.
These names do not exist in any dictionary or web search.

Boone can crack a password that has words that don't officially exist.

Comfy here

I second this

who is this Boone

You don’t know how modern password crackers work.

For at least a decade, probably longer, it’s not a simple dictionary attack: it’s rainbow tables (gi-fucking-gantic tables of hashes). By now, it’s probably terabytes of the fuckers. Rent some time on AWS, compute a shitload of hashes.

So, no: You can have: HMMWVm16m1911m4MoskitMiG23#$^%&#$^&$%^&$%^&$%^&$%^&$%^&$^

And it’s probably in a rainbow table by now.

>precalculating rainbow table
>key deriv function contains random nonce
good luck with that

>iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiii
>TRILLIONS AND TRILLIONS OF YEARS
555-COME-ON-NOW

>69b060d8cafbe34254ef028f646325183eeb552efca23074fff8a3d0ee2ea7cb
as secure as it gets desu
and i didn't even need (((dashlane)))

You don’t get it:

The folks who make these things calculate *all* the hashes. Too many systems still have shite password lengths, so it’s feasible.

What the fuck do you think all those recent “oh, every account on X service has been compromised.”

They’re not sitting there typing them in. First, you compromise the system and get elevated privileges. Then rock up over to the stored password hashes.

Now you’ve got a map of usernames to password hashes (yeah, including the salt).

Now check you room full out harddrives with hashes.

Every hash hit you get is an pwned account.

So, good luck my fucking balls. This has been happening, is happening, and will continue to happen until everyone gets TFA.

>using the example given in a guide about strong passwords
You know every haxxx0r on the face of the earth added that into their dictionary. It's about as secure of a password as "password" or "master123". Just change the order of the words or misspell one of the words and you'll (most likely) be fine.

Cool site senpai. Is there somewhere i can enter my bank details to see if those are secure too?

Why are usernames or login names not salted and hashed along with the password? Surely two pieces being obscured is greater than just the password alone?

Hitler confirmed jew kike lover

usernames are public (or private to other users but public to administrators) in virtually every account-based website or service, there'd be no point in hashing it

What if they were made private just like passwords? Isn't this a glaring issue and fixing it would be like TFA-lite?

>What if they were made private
but why? you or the website gain nothing from that except drawbacks like double the time to verify a hash, impossibility to show your username in something like a navbar, impossibility to share a profile and so on

>double the time to verify a hash
to add to that, i didn't realize it sooner but login to a hashed username would actually be impossible because salted hashes always produce different values, so you can't lookup them on a database, you'd have to fetch all users and verify their hash one by one

So if there is ever a database dump hackers have to decrypt the usernames along with passwords which greatly increases the time for usable data. Once users are logged in they usually have their real name on the account which they can then use for sharing profiles etc. Processing time is a non issue today and is the same flimsy excuse used years ago by lazy site owners to not implement HTTPS.

Just salt the password only then but use unsalted encryption on the username.

>encryption
*hash

well, if they can crack your salted password what makes you think they can't crack your unsalted username?
and if they can't crack your salted password there's no need to hash the username

Even if they could crack it all, it increases the time required to have usable data. Increasing time for the bad guys to have usable data would be a good thing I would have thought.

What did they mean by this?

dont post the fucking link or anything

That's an interesting question.

>it increases the time required to have usable data
they already tried that with drm, doesn't really work very well
in any case, you're not really solving anything, best case scenario you're making them wait a few more days, hours even, given that usernames are for the most part not as complex as passwords

don't get me wrong, I'm not absolutely rejecting your proposal, I just think it adds unneeded overheat and doesn't solve much in the long term