тео
Well-Known Member
Checking how well a password stands up to Brute Force Attacks
DO NOT ENTER YOUR REAL PASSWORD
If you are going to run a check, use similar characters instead
I felt somewhat reassured when it gave a result of 30 billion years for my most important password :shock:
But for others it comes out at anywhere from an hour to a day....
A bit of info from the site:
IS THIS SAFE?
It is actually. I'm not harvesting passwords into an EVIL database. Of course that's exactly the sort of thing I would say if I were harvesting them. And it wouldn't be hard to do it: a couple of lines of code and I'd have all your passwords. MWUHAHAHAHAHAA! But, to be honest, I don't know what I'd do with them. Make a cake perhaps.
The bit of code that does the calculations is done in JavaScript. And JavaScript is a "client-side" language. That means it runs on your computer – not on ours. No data ever travels from your computer back to the website. You can check this by loading up the webpage and then turning off your internet connection. You'll still be able to use the website to your heart's content.
However, for the SUPER-paranoid among you, you could just type in something a bit like your password rather than your actual password. In fact, that's probably a good idea anyway. Just in case I'm lying.
IS THIS ACCURATE?
It all depends on who's trying to hack your computer and how they're trying to do it. There are many different ways to try and crack a password and this site only does the calculation for one particular sort of hacking attempt: The Brute Force Attack.
To be honest, it's more likely that the first thing a hacker would try is a Dictionary Attack. This involves trying every word in the dictionary and can be done by a computer in a few seconds. So if your password is just a single word (like "scuttlebutt" or "indubitable") you're probably not very safe.
"Why doesn't the site do a quick check against a dictionary then?", I hear you ask. "Good question", I reply (in interpretative dance). Well, there are two ways I could do that. The first way would be to check the password you type against an online dictionary. But that would involve sending your password over the interwebs, which would be wonderfully insecure. The second way would be to include a full dictionary in the JavaScript file that the site runs on your computer. But that would slow down the site and make the hosting more expensive. So I just don't bother.
Moral of the story? Don't use words out of the dictionary for passwords.
HOW IT WORKS
It's just a bit of simple maths:
(number of possible characters to the power of length of the password) divided by calculations per second
Length of the password is nice and easy to work out: it's just the number of characters in your password. For example 'cat' has 3 characters and 'monkey' has 12.
"Monkey has 12?", you ask.
"No it doesn't", I reply, "It's got 6. You should probably learn to count."
Calculations per second is a bit more of a rough figure. On the site it's set to 10,000,000, which is an approximate number of passwords a regular computer might be able to try every second. But it's going to depend on the computer as well as what the password is for. A lot of sites and programs won't let you try more than three passwords in the space of ten minutes, which would render a brute force attack pretty useless.
Number of possible characters is a bit more complicated. For alphanumeric characters it's easy enough: there are 26 possible lowercase characters; uppercase adds another 26; digits add another 10. It gets a bit more tricky after that: there are well over a million other symbols that a computer is capable of putting into a text field – e.g. ?, ß, Й, 葉, ☯. Not all sites and programs can accept these in password fields and different hacking tools will try different non-alphanumeric characters.
Currently this site first checks against the 13 most common symbols in English:
! @ # $ % ^ , & * ? _ ~ -
It then checks against latin characters, such as é and û, and against cyrillic characters, such as ԓ and Ԗ. Other characters are not currently supported.
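Added example, not code from the site or from the post above: a small JavaScript script that applies the formula the quoted text gives, (alphabet size to the power of the password length) divided by guesses per second, using the character groups the site describes (26 lowercase, 26 uppercase, 10 digits, the 13 listed symbols, plus latin and cyrillic letters). The Unicode ranges used for the latin and cyrillic groups, the 3-attempts-per-10-minutes lockout rate, and the tiny word list are assumptions of this example; the names alphabetSize, guessCount, secondsToCrack, humanTime and isDictionaryWord are mine.

```javascript
// Added example: brute-force time estimate in the style of the quoted site.
// Not the site's own code; group sizes 26/26/10/13 come from the text,
// the latin/cyrillic ranges and sample data below are assumptions.

const SYMBOLS = "!@#$%^,&*?_~-";          // the 13 "most common symbols" listed
const LOWER = /[a-z]/, UPPER = /[A-Z]/, DIGIT = /[0-9]/;
const LATIN_EXT = /[\u00C0-\u024F]/;     // é, û, ß ... (assumed range)
const CYRILLIC = /[\u0400-\u052F]/;      // Й, ԓ, Ԗ ... (assumed range)

// Each group adds its size to the alphabet once any of its characters appears.
const GROUPS = [
  { name: "lowercase", test: (c) => LOWER.test(c), size: 26 },
  { name: "uppercase", test: (c) => UPPER.test(c), size: 26 },
  { name: "digits",    test: (c) => DIGIT.test(c), size: 10 },
  { name: "symbols",   test: (c) => SYMBOLS.includes(c), size: SYMBOLS.length },
  { name: "latin",     test: (c) => LATIN_EXT.test(c), size: 0x024F - 0x00C0 + 1 },
  { name: "cyrillic",  test: (c) => CYRILLIC.test(c), size: 0x052F - 0x0400 + 1 },
];

function alphabetSize(password) {
  const chars = Array.from(password);    // iterate code points, not UTF-16 units
  let size = 0;
  for (const g of GROUPS) {
    if (chars.some(g.test)) size += g.size;
  }
  return size;
}

// Worst case: every string of this length over the alphabet is tried.
// BigInt keeps the count exact for long passwords.
function guessCount(password) {
  const n = BigInt(alphabetSize(password));
  return n ** BigInt(Array.from(password).length);
}

// Seconds for an exhaustive search at a given guess rate.
// 10,000,000 per second is the rate the site assumes for an offline attempt.
function secondsToCrack(password, guessesPerSecond = 10_000_000) {
  return Number(guessCount(password)) / guessesPerSecond;
}

// Rate the text mentions for a service that allows 3 tries per 10 minutes
// (assumed: 3 / 600 guesses per second). Shows why lockout matters.
const LOCKOUT_RATE = 3 / 600;

function humanTime(seconds) {
  const units = [
    ["years", 365.25 * 86400], ["days", 86400], ["hours", 3600], ["minutes", 60],
  ];
  for (const [name, span] of units) {
    if (seconds >= span) return `${(seconds / span).toFixed(2)} ${name}`;
  }
  return `${seconds.toFixed(2)} seconds`;
}

// The site skips a dictionary check; a local one needs no network at all.
// Constructed word list; a real check would use a full wordlist file.
const SAMPLE_WORDS = ["scuttlebutt", "indubitable", "monkey", "password"];
function isDictionaryWord(password, words = SAMPLE_WORDS) {
  return words.includes(password.toLowerCase());
}

function report(password) {
  return {
    alphabet: alphabetSize(password),
    guesses: guessCount(password).toString(),
    offline: humanTime(secondsToCrack(password)),
    withLockout: humanTime(secondsToCrack(password, LOCKOUT_RATE)),
    inWordList: isDictionaryWord(password),
  };
}

for (const pw of ["cat", "monkey", "Pa$w0rd", "ключ-Key42"]) {
  console.log(pw, report(pw));
}
```

Running it reproduces the text's point: 'monkey' is an alphabet of 26 and 26^6 guesses, about 31 seconds at 10,000,000 guesses per second but centuries behind a 3-per-10-minutes lockout, and it is also a plain word, which a dictionary attack finds long before brute force does.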