
AV companies like to share samples with each other, so guessing they had at least a bit of a head start. Still, brute forcing a 10 character password that uses the full ASCII printable character set looks like it'd require... 9,500 years on a single high end GPU.

No idea what the current state of cracking is, but probably they used some rules-based approach (like John the Ripper used to have) to massively reduce the search space.



Note that !@# is just shift-1, shift-2, shift-3. So not unlikely that it would appear in a rules-based approach. The password is numbers, English word, keyboard-sequence.


Thanks for that explanation. Being accustomed to a UK keyboard layout this didn't occur to me (as shift 1-3 is !"£ here).
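
Added example, not part of any comment in this thread: a Python sketch of a password-audit estimate for the "numbers, English word, keyboard-sequence" structure described above, compared with the full printable-ASCII keyspace, and showing why the US and UK layouts give different shifted runs. The guess rate is derived from the 9,500-year figure quoted above; the wordlist size, case variants, sample passwords and function names are assumptions.

```python
import re

PRINTABLE = 95                          # printable ASCII, space included
SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Guess rate implied by the thread's "9,500 years for 10 characters" figure
# (derived from that figure, not a benchmark).
RATE = PRINTABLE ** 10 / (9500 * SECONDS_PER_YEAR)

WORDLIST_SIZE = 100_000                 # assumed English wordlist size
CASE_VARIANTS = 3                       # lower, Capitalised, UPPER
SHIFTED = {"us": "!@#$%^&*()", "uk": '!"£$%^&*()'}   # shift + number row

def shifted_run(token, layout="us"):
    """True if token is a run of adjacent shifted number-row keys."""
    return len(token) >= 2 and token in SHIFTED[layout]

def structured_guesses(password, words, layout="us"):
    """Candidate count for a digits + word + shifted-run pattern, else None."""
    m = re.fullmatch(r"(\d+)([A-Za-z]+)(\W+)", password)
    if not m:
        return None
    digits, word, tail = m.groups()
    if word not in (word.lower(), word.capitalize(), word.upper()):
        return None
    if word.lower() not in words or not shifted_run(tail, layout):
        return None
    row = len(SHIFTED[layout])
    runs = sum(row - n + 1 for n in range(2, row + 1))   # every run of length >= 2
    return 10 ** len(digits) * WORDLIST_SIZE * CASE_VARIANTS * runs

def crack_seconds(guesses):
    """Worst-case time to exhaust `guesses` candidates at RATE."""
    return guesses / RATE

if __name__ == "__main__":
    words = {"cat"}                     # constructed one-word dictionary
    for pw, layout in [("1234cat!@#", "us"), ("1234cat!@#", "uk"), ('1234cat!"£', "uk")]:
        g = structured_guesses(pw, words, layout)
        if g is None:
            print(f"{pw!r} [{layout}]: no pattern match, brute force only")
        else:
            print(f"{pw!r} [{layout}]: {g:.2e} candidates, {crack_seconds(g):.0f} s "
                  f"vs {PRINTABLE ** len(pw):.2e} for brute force")
```

Under these assumptions a 10-character password with this structure falls in a candidate space of about 1.35e11, minutes at the rate above, which is why length and character-class rules alone are a poor strength measure.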


You have no idea what brute force md5 was like. You just look up an 80TB db table full of hash strings.

http://www.cmd5.org/password.aspx


Are you saying JtR no longer has a rules-based approach, or that it's no longer used?

It's still actively maintained.

http://www.openwall.com/john/


I'm saying I haven't tried to crack a password in about 12 years :)


Fair enough.



