Bitcoin Forum
December 11, 2017, 06:19:44 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: How long would take to break a 13 character password  (Read 4640 times)
Relnarien
Sr. Member
****
Offline Offline

Activity: 400


View Profile
September 22, 2016, 01:50:29 PM
 #21

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

I tried those websites with a different 14 character passwords as I don't want to put mine online even if they say the password is not registered to their servers and the answers were pretty good.

First website answer:

It would take 1 computer to crack it a quadrillion years Smiley

Second website

Your password is strong and secure and it would take 1328957638 years to crack it Smiley

http://www.zdnet.com/article/25-gpus-devour-password-hashes-at-up-to-348-billion-per-second/
25 GPUs devour password hashes at up to 348 billion per second. Five 4U servers equipped with 25 AMD Radeon-powered GPUs linked together using an Infiniband switched


Any approximate time needed to crack this password let's say from state sponsorship with 5000 cluster computers ? (cluster PC are with a tons of GPU-s each for cracking)
Suppose the Russian government wants your password. Cracking your password is not necessary. They put a bug in your computer, your house or put a gun to your head. You can't stop a state.



The government where I live in is not allowed to put you a gun to your head to find your password. I am talking about a normal government which if they can't hack your password cannot put you into jail.

So what is the approximate time if they have these AMD GPU-s you are talking about ? That's my main concern of this whole thread, an approximate with the latest equipment of a state (It's a good thing for me my state is not so well developed in this category)

As I already posted, it would be (5210 * 1,259,712) divided by the number of password attempts per second. That can further be decreased by getting more hints about your password. For example, knowing if you only uppercase or lowercase letters would decrease the possible combinations by a factor of 1,024.
1512973184
Hero Member
*
Offline Offline

Posts: 1512973184

View Profile Personal Message (Offline)

Ignore
1512973184
Reply with quote  #2

1512973184
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1512973184
Hero Member
*
Offline Offline

Posts: 1512973184

View Profile Personal Message (Offline)

Ignore
1512973184
Reply with quote  #2

1512973184
Report to moderator
Fraxinus
Legendary
*
Offline Offline

Activity: 1274



View Profile
September 22, 2016, 04:52:10 PM
 #22

It will take so many time you really have to be lucky to do it,that's the only hope.Computers are really powerful,however a 13 character password provides many possible combinations

sukamasoto
Legendary
*
Offline Offline

Activity: 1092


DIMPAY: Invest for Tomorrow. Today.


View Profile
September 22, 2016, 05:38:04 PM
 #23


As per this link, with speed of 1,000,000,000 Passwords/sec, cracking a 8 character password composed using 96 characters takes 83.5 days

1,000,000,000 Passwords/sec => Typical for medium to large scale distributed computing, Supercomputers.



* reference
http://security.stackexchange.com/questions/43683/is-it-possible-to-brute-force-all-8-character-passwords-in-an-offline-attack



Just make sure that you're using 96 charaters password with 13 char, I'm sure even with Super Computer , it still need many years to crack it up

xht
Sr. Member
****
Offline Offline

Activity: 462

hey you, yeah you, fuck you!!!


View Profile
September 22, 2016, 07:28:42 PM
 #24

Length is really the one factor that matters regarding password strength so using more character would be take more time to crack it.

pooya87
Legendary
*
Offline Offline

Activity: 1120


Buy bitcoin they said... who listened?


View Profile
September 23, 2016, 04:05:46 AM
 #25


As per this link, with speed of 1,000,000,000 Passwords/sec, cracking a 8 character password composed using 96 characters takes 83.5 days

1,000,000,000 Passwords/sec => Typical for medium to large scale distributed computing, Supercomputers.



* reference
http://security.stackexchange.com/questions/43683/is-it-possible-to-brute-force-all-8-character-passwords-in-an-offline-attack



Just make sure that you're using 96 charaters password with 13 char, I'm sure even with Super Computer , it still need many years to crack it up

first of all that link you posted is from a question that was asked 3 years ago and although there is not much changed but still it is kind of old.

also as it is also said there it depends on the algorithm used to create the the password hashes (in case it is used) so it may take a lot longer than that.

doomistake
Hero Member
*****
Offline Offline

Activity: 588



View Profile
September 23, 2016, 04:22:24 AM
 #26

13 characters password is not that easy to hack. It may take a day or more if the password have numbers on it. Using bruteforce on it will take some time to crack the words that you put in your password but it will take a longer time on the number since it is not that easy to crack the sequence of the number. Since bruteforce trying all the common passwords that is in it's program it will be hard to crack the two words that you've put in you passwords since the other one is not in english.


          ▄▄█████▌▐█████▄▄
       ▄█████████▌    ▀▀▀███▄
     ▄███████████▌  ▄▄▄▄   ▀██▄
   ▄█████████████▌  ▀▄▄▀     ▀██▄
  ▐██████████████▌  ▄▄▄▄       ▀█▌
 ▐███████████████▌            ▀█▌
 ████████████████▌  ▀▀▀█         ██
▐████████████████▌  ▄▄▄▄         ██▌
▐████████████████▌  ▀  ▀         ██▌
 ████████████████▌  █▀▀█         ██
 ▐███████████████▌  ▀▀▀▀        ▄█▌
  ▐██████████████▌  ▀▀▀▀       ▄█▌
   ▀█████████████▌  ▀▀█▀     ▄██▀
     ▀███████████▌  ▀▀▀▀   ▄██▀
       ▀█████████▌    ▄▄▄███▀
          ▀▀█████▌▐█████▀▀
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
▬◉▬
     ▄▄▄
 ▄▄█████████▄▄
  ▀▀▀▀▀▀▀▀▀▀▀
   █▌▐█ █▌▐█
   █▌▐█ █▌▐█
 ▄███████████▄
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄






▄█████████████▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
███████████████
██▀▀█▀▀████████
▀█████████████▀
zend7
Hero Member
*****
Offline Offline

Activity: 658

Hackers please hack me .... if you can :)


View Profile
September 23, 2016, 06:18:43 AM
 #27

Length is really the one factor that matters regarding password strength so using more character would be take more time to crack it.

Ok thanks everone for your help. Based on what I have read here I think I have understood what I have to do now. These 2 words together makes sense only to me and no one else in the face of earth (101% sure about this). What if I repeat this password 5 times and make it a 65 character long password and I change these 2 words and number sequences 3 times in the password and 2 times I keep it like that ?

How much would take to crack a 65 character long password made with .RAR Linux Ubuntu algorithm ?
leakingnoseee
Full Member
***
Offline Offline

Activity: 206


View Profile
September 23, 2016, 06:36:01 AM
 #28

It is hard to say as it depends on how many numbers and signs it have
zend7
Hero Member
*****
Offline Offline

Activity: 658

Hackers please hack me .... if you can :)


View Profile
September 23, 2016, 07:31:56 PM
 #29

It is hard to say as it depends on how many numbers and signs it have

10 numbers and 5 signs and 50 letters, total of 65 characters. Algorithm used is of 7zip or Rar from the Ubuntu Linux which is one of the hardest to crack if you start from zero, especially if they don't know nothing about your password.

Now I have created a password with 2 sentences that makes sense only to me and have put numbers and signs that makes sense only to me. I guess this is the safest as it can be.
Indijanos
Full Member
***
Offline Offline

Activity: 154



View Profile
September 24, 2016, 05:07:02 PM
 #30

I want to ask the tech guys here a few questions

I use for my all desktop wallets a password which is 13 character long and it consists of 2 words which only make senses to me and 2 number plus one special character, letters are small and capital ones.

How long would take from state sponsorship attack to bruteforce it ?

What about if I put this password to a RAR file which I keep all my documents and seeds encrypted , how much time if state sponsored attack have my file ?

Thanks in advance for your replies.

it would depend on the way of cracking the password. my friend and I were interested how long it wouldtake for a programm to crack our wifi pass using brute force... It took it almost 5 days, password was 8 characters long.

zend7
Hero Member
*****
Offline Offline

Activity: 658

Hackers please hack me .... if you can :)


View Profile
September 24, 2016, 05:41:38 PM
 #31

I want to ask the tech guys here a few questions

I use for my all desktop wallets a password which is 13 character long and it consists of 2 words which only make senses to me and 2 number plus one special character, letters are small and capital ones.

How long would take from state sponsorship attack to bruteforce it ?

What about if I put this password to a RAR file which I keep all my documents and seeds encrypted , how much time if state sponsored attack have my file ?

Thanks in advance for your replies.

it would depend on the way of cracking the password. my friend and I were interested how long it wouldtake for a programm to crack our wifi pass using brute force... It took it almost 5 days, password was 8 characters long.

Wifi has the weakest protocol to brute force it. If a single person with a Kali Linux installed within your reach it would take this program included there called aircrack ng about 24 hours for 2 characters to brute force so 4 days to a 8 character password.

However I am talking about one of the most secure encryption methods today which is .RAR or .7zip.

How come not a single cracker on this forum yet ?
Kprawn
Legendary
*
Offline Offline

Activity: 1330


★Bitvest.io★ Play Plinko or Invest!


View Profile
September 24, 2016, 05:58:50 PM
 #32

Just remember these passwords do not need to be brute forced with a massive database, if the hacker can manage to successfully apply

a Keylogger or even a "Man-in-the-middle" attack.  Wink  .... The effort in doing that, is a lot less than having to brute force a massive

password. In any way, no password being used on several different sites are bullet proof against attacks... It just makes it easier for a

hacker to find exploits on ANY of those sites, to get to your password. Use different passwords for different sites, and you will be a bit

more secure.  Wink



.
.BITVEST DICE.
HAS BEEN RELEASED!


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████

▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░████
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████

██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░

██░▄▄▄▄░████▄▄██▄░░░░
████████████▀▀▀▀▀▀▀██
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄

██░████████░███████░█
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████

▀████████████████████▀




Rainbot
Daily Quests
Faucet
Fraxinus
Legendary
*
Offline Offline

Activity: 1274



View Profile
September 24, 2016, 07:53:45 PM
 #33

Just remember these passwords do not need to be brute forced with a massive database, if the hacker can manage to successfully apply

a Keylogger or even a "Man-in-the-middle" attack.  Wink  .... The effort in doing that, is a lot less than having to brute force a massive

password. In any way, no password being used on several different sites are bullet proof against attacks... It just makes it easier for a

hacker to find exploits on ANY of those sites, to get to your password. Use different passwords for different sites, and you will be a bit

more secure.  Wink

Hah yeaah Cheesy If they have a keylogger the whole thing happens to be a hella more easier

zend7
Hero Member
*****
Offline Offline

Activity: 658

Hackers please hack me .... if you can :)


View Profile
September 24, 2016, 08:58:01 PM
 #34

Just remember these passwords do not need to be brute forced with a massive database, if the hacker can manage to successfully apply

a Keylogger or even a "Man-in-the-middle" attack.  Wink  .... The effort in doing that, is a lot less than having to brute force a massive

password. In any way, no password being used on several different sites are bullet proof against attacks... It just makes it easier for a

hacker to find exploits on ANY of those sites, to get to your password. Use different passwords for different sites, and you will be a bit

more secure.  Wink


Latest news on TOR browser security advise websites says that MITM attacks were responsible for some hacking of some users but that flaw that permitted this attack was patched within 1 day (24 hour) from TOR browser developers.

I am sure I have not any keylogger on my machine yet. That is because no one gives a damn who am I but my question is just in case I need to be safe a 65 characters password which no one has a clue , how safe it is.

How safe it is if someone starts from 0 point trying to hack it, let's suppose he only have the RAR file and nothing else, doesn't know the source nor he does know what this file contains ? I think I am far ahead of the game now but need a confirmation from someone who has dealt with security day to day, someone who has worked at this field.
ivanst776
Legendary
*
Offline Offline

Activity: 1162



View Profile
September 24, 2016, 11:30:50 PM
 #35

I'm not 100% sure that we can trust these websites, but you should check:

https://howsecureismypassword.net/

http://random-ize.com/how-long-to-hack-pass/

Nobody should trust these websites because if their database or something else gets hacked then your password can be leaked.

OP I think that you and everybody else should not worry about the length of the 13+ chars password because can't be bruteforced as it will take so much time.

But we should be worried about our security because for a keylogger the password length doesn't matter to log.

Za1n
Hero Member
*****
Offline Offline

Activity: 770


View Profile
September 25, 2016, 04:58:37 AM
 #36

Why even screw around? If you can come up with a 13 character password, add another few characters and some more randomness to it.

I wouldn't go for anything less than 16 characters for anything online, and if it is for something of significance you should be looking closer at 24 character + lengths, with lots of randomness, mixed case, numbers, and special symbols.

Here is another good site to glean some information on passwords. https://www.grc.com/haystack.htm

However, as others have already pointed out, do not use any passwords you actually intend to use at this or any of these sites, instead simply create similar test passwords to what you are thinking of using.
zend7
Hero Member
*****
Offline Offline

Activity: 658

Hackers please hack me .... if you can :)


View Profile
September 25, 2016, 12:24:59 PM
 #37

Why even screw around? If you can come up with a 13 character password, add another few characters and some more randomness to it.

I wouldn't go for anything less than 16 characters for anything online, and if it is for something of significance you should be looking closer at 24 character + lengths, with lots of randomness, mixed case, numbers, and special symbols.

Here is another good site to glean some information on passwords. https://www.grc.com/haystack.htm

However, as others have already pointed out, do not use any passwords you actually intend to use at this or any of these sites, instead simply create similar test passwords to what you are thinking of using.

I tried this website with a similar password as I don't to risk it. No one knows my real password to my files in my PC and to my electrum wallet. I tried a 40 character password which I can easily remember and it consisted of 32 lowercase letters 2 Uppercase letters 4 numbers and 2 symbols.

The website says to thoroughly trying to hack the password it needs a good 43 billion years Smiley . I hope they are right.
veleten
Legendary
*
Offline Offline

Activity: 1064



View Profile
September 27, 2016, 08:35:56 PM
 #38

I want to ask the tech guys here a few questions

I use for my all desktop wallets a password which is 13 character long and it consists of 2 words which only make senses to me and 2 number plus one special character, letters are small and capital ones.

How long would take from state sponsorship attack to bruteforce it ?

What about if I put this password to a RAR file which I keep all my documents and seeds encrypted , how much time if state sponsored attack have my file ?

Thanks in advance for your replies.

your password is

wX9uCPkTmFkHp

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄             
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄       
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   
▀▄            █        ▀▀      █   
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀     
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀               
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
startselect
Sr. Member
****
Offline Offline

Activity: 280


View Profile
September 27, 2016, 09:36:45 PM
 #39

Do you more or less know what letter the password started with. You could cut down the time by a few years if you start on that letter. And perhaps if you eliminate letters that you know if definitely doesn't start with.
Gleb Gamow
Legendary
*
Offline Offline

Activity: 1246


@ 🎥 YuTü.Co.in 🎥


View Profile WWW
September 27, 2016, 11:01:22 PM
 #40

Thank you but let me tell you a bit more about it so you can give me a more accurate explanation (this one is accurate enough but I want to add a little info here)

My password consists of 2 words 1 is in English 1 is in another language there are 2 numbers and 1 special character in the end.

I have tried in a website which calculates how much is needed to crack it (the RAR) in that website. It says to me that even with 100.000 PC with 500.000 passwords per seconds it needs about 12.000 years and a bit more to crack. I think this is safe, as the computers there are cluster computers and not just 100.000 pc connected to each others.

A cluster computer have a tons of GPU to try to crack your passwords.

I know hackers cannot break it as the maximum they may have is 1,2 or about 20 clusters maximum but state has as many cluster as they want so regarding this is my question.

If this file goes in the hand of a national security agency how long it will take approximately to crack it ? If it is more than 1 month for me is OK, I will transfer my bitcoins to another wallet during this time without problems.

Edit: The English word cannot be found in any dictionary, it's a special word , people use it rarely and I checked a few dictionaries and couldn't find this word there.

Keep talkin' and Kramer Krackers will have it by the next commercial break: https://www.youtube.com/watch?v=HYvwYjPVra0

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!