No need for complex password - Printable Version

No need for complex password - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Deprecated; Previous versions (https://hashcat.net/forum/forum-29.html)
+--- Forum: General Help (https://hashcat.net/forum/forum-8.html)
+--- Thread: No need for complex password (/thread-3457.html)

No need for complex password - tethys - 06-07-2014

Why do we need complex passwords when it only length that matters?

Even with 232 120 000 H/s, fastest algorithm(MD5) with 10 fastest GPU card, Radeon R9 295X2, taking only lower cases and numbers you would still need so many years to brute a 20 letter pass.

36^20 = 13367494538843734067838845976576/
232 120 000(H/s)/
31 536 000(years) = 1 826 126 448 263 156 years.

RE: No need for complex password - undeath - 06-07-2014

Why do we need brute force when it only dictionary that matters?

RE: No need for complex password - tethys - 06-07-2014

My point was that you can create a long but simple to remember pass instead of a shorter but harder to remember one.

RE: No need for complex password - K9 - 06-07-2014

You can still find long passwords. If you use easy passwords they will be found really fast.

RE: No need for complex password - undeath - 06-07-2014

just to give you an idea of recently cracked passwords:

Code:
Happy Birthday dude!

claudia007claudia007

FuckTheFuckingFuckers

The wonderful wizard of oz

davidthisisnotmypassword

supersizefrenchfries

pediatricsanthropometry

superelephanttesting

passwordhellotesting

jjjjjjjjjjjjjjjjjjjjjj

administratorlegendworld

RE: No need for complex password - tethys - 06-09-2014

(06-07-2014, 10:25 PM)undeath Wrote: just to give you an idea of recently cracked passwords:

Really? You were able to find these long passwords? Impressive!

What technique did you use, if it's not a secret? Smile

I'm probably asking for spoon-feeding here. :p

RE: No need for complex password - undeath - 06-09-2014

Since oclHashcat has abandoned the 16 char limit for passwords these kind of passwords are not a challenge any more. With proper dicts and attack mode you can find them easily. Mainly just dict + rules and combinator mode. However attacks like the fingerprint attack provide many neat ways to find long passwords, too.

RE: No need for complex password - azren - 06-09-2014

tethys,

Try it and see for yourself... :-)

Im using the linkedin leaked hash against wordlist I've downloaded from "http://human0id.net/dicts/musicbrainz/". By using just a straight dictionary attack I'm able to crack password as long as 30 characters.

Code:
./hashcat-cli64.app -m 100 -a 0 --remove -o ../cracked.txt ../unmasked.lst ~/Downloads/human0id/MusicBrainz/MusicBrainz.dic

Code:
Jantje zag eens pruimen hangen

savethecheerleadersavetheworld

in the beginning was the word

givemelibertyorgivemedeath

eastofthesunwestofthemoon

yonoquierovolvermetanloco

deathshallhavenodominion

bigtroubleinlittlechina

elvishasleftthebuilding

StrangerInAStrangeLand

harekrishnaharekrishna

xenathewarriorprincess

jesuschryslersupercar

Ã  la claire fontaine

foreverblowingbubbles

fromthebottomtothetop

networknetworknetwork

thinkingofamasterplan

ÐÑ€Ð¸ÑÑ‚Ð¾ÐºÑ€Ð°Ñ‚

the audacity of hope

andatetuttiaffanculo

grassisalwaysgreener

internationalnetwork

iveseenallgoodpeople

opeengrotepaddestoel

somethingthatmatters

theendofthemillenium

Best regards,
Azren

RE: No need for complex password - tethys - 06-09-2014

Thank you, Azren and Undeath. Interesting indeed, Ill give it a try.