No need for complex password
#1
Why do we need complex passwords when it only length that matters?

Even with 232 120 000 H/s, fastest algorithm(MD5) with 10 fastest GPU card, Radeon R9 295X2, taking only lower cases and numbers you would still need so many years to brute a 20 letter pass.

36^20 = 13367494538843734067838845976576/
232 120 000(H/s)/
31 536 000(years) = 1 826 126 448 263 156 years.
#2
Why do we need brute force when it only dictionary that matters?
#3
My point was that you can create a long but simple to remember pass instead of a shorter but harder to remember one.
#4
You can still find long passwords. If you use easy passwords they will be found really fast.
#5
just to give you an idea of recently cracked passwords:
Code:
Happy Birthday dude!
claudia007claudia007
FuckTheFuckingFuckers
The wonderful wizard of oz
davidthisisnotmypassword
supersizefrenchfries
pediatricsanthropometry
superelephanttesting
passwordhellotesting
jjjjjjjjjjjjjjjjjjjjjj
administratorlegendworld
#6
(06-07-2014, 10:25 PM)undeath Wrote: just to give you an idea of recently cracked passwords:

Really? You were able to find these long passwords? Impressive!

What technique did you use, if it's not a secret? Smile

I'm probably asking for spoon-feeding here. :p
#7
Since oclHashcat has abandoned the 16 char limit for passwords these kind of passwords are not a challenge any more. With proper dicts and attack mode you can find them easily. Mainly just dict + rules and combinator mode. However attacks like the fingerprint attack provide many neat ways to find long passwords, too.
#8
tethys,

Try it and see for yourself... :-)

Im using the linkedin leaked hash against wordlist I've downloaded from "http://human0id.net/dicts/musicbrainz/". By using just a straight dictionary attack I'm able to crack password as long as 30 characters.

Code:
./hashcat-cli64.app -m 100 -a 0 --remove -o ../cracked.txt ../unmasked.lst ~/Downloads/human0id/MusicBrainz/MusicBrainz.dic

Code:
Jantje zag eens pruimen hangen
savethecheerleadersavetheworld
in the beginning was the word
givemelibertyorgivemedeath
eastofthesunwestofthemoon
yonoquierovolvermetanloco
deathshallhavenodominion
bigtroubleinlittlechina
elvishasleftthebuilding
StrangerInAStrangeLand
harekrishnaharekrishna
xenathewarriorprincess
jesuschryslersupercar
à la claire fontaine
foreverblowingbubbles
fromthebottomtothetop
networknetworknetwork
thinkingofamasterplan
Аристократ
the audacity of hope
andatetuttiaffanculo
grassisalwaysgreener
internationalnetwork
iveseenallgoodpeople
opeengrotepaddestoel
somethingthatmatters
theendofthemillenium

Best regards,
Azren
#9
Thank you, Azren and Undeath. Interesting indeed, Ill give it a try.