Post Friends My journal
picaune

(Untitled)

Jan 17, 2004 15:28

My prototype, if run on a five-letter password with absolutely no time needed to check correctness, can crack it within 8 minutes, 40 seconds. My TRT is estimated in the thousands of days for a 9-letter password, but I'm sure that's much less than the real time. Tell ya what: if you want to know exactly how safe your HTTP password is from my ( Read more... )

Leave a comment

Comments 3

xgns January 17 2004, 13:39:33 UTC
Actually, most better websites will simply lock down to an IP if it tries an unnsuccessful user/password attempt more than a certain amount of times in a certain amount of times.

So it'd be more like... 8 years, 40 weeks on Lj, as they limit to 3 password attempts a day or something I think.

Reply

picaune January 17 2004, 16:09:56 UTC
Yes, but I'm using this for HTTP Basic authentication on servers controlled by people who do not know how to or do not have the software components to activate lockdowns. Like OmarB, for instance.

On the other hand, OmarB is likely to actually look at his log files, especially when they reach 7 gig in size, and manually lock down my IP. In which case I switch to a (or another) proxy and continue the guessing.

Reply

xgns January 17 2004, 19:04:12 UTC
You're an idiot.

You die now.

Reply

Leave a comment

Up
Homepage Read journal... Full version Help Русская версия
© 1999-2025 LiveJournal, Inc.