hashcat Forum

Why do we need complex passwords when it only length that matters?

Even with 232 120 000 H/s, fastest algorithm(MD5) with 10 fastest GPU card, Radeon R9 295X2, taking only lower cases and numbers you would still need so many years to brute a 20 letter pass.

36^20 = 13367494538843734067838845976576/
232 120 000(H/s)/
31 536 000(years) = 1 826 126 448 263 156 years.

Why do we need brute force when it only dictionary that matters?

My point was that you can create a long but simple to remember pass instead of a shorter but harder to remember one.

You can still find long passwords. If you use easy passwords they will be found really fast.

just to give you an idea of recently cracked passwords:

(06-07-2014, 10:25 PM)undeath Wrote: [ -> ]just to give you an idea of recently cracked passwords:

Really? You were able to find these long passwords? Impressive!

What technique did you use, if it's not a secret?

I'm probably asking for spoon-feeding here. :p

Since oclHashcat has abandoned the 16 char limit for passwords these kind of passwords are not a challenge any more. With proper dicts and attack mode you can find them easily. Mainly just dict + rules and combinator mode. However attacks like the fingerprint attack provide many neat ways to find long passwords, too.

tethys,

Try it and see for yourself... :-)

Im using the linkedin leaked hash against wordlist I've downloaded from "http://human0id.net/dicts/musicbrainz/". By using just a straight dictionary attack I'm able to crack password as long as 30 characters.



Best regards,
Azren

Thank you, Azren and Undeath. Interesting indeed, Ill give it a try.