cybersecurity

4533 readers

7 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks

tweedge

Nvidia RTX 5090 can crack an 8-digit passcode in just 3 hours — password cracking benchmarks show tremendous performance (www.tomshardware.com)

submitted 1 month ago by cm0002@lemmy.world to c/cybersecurity

8 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] tal@lemmy.today 15 points 1 month ago* (last edited 1 month ago) (2 children)

To be fair, that assumes complete exhaustion of the password space. If you assume that a given password is totally random, then it'd take half that time, 80 years, on average.

Thing is, most people don't choose totally random passwords, and there are utilities that will try to generate statistically-more-common passwords sooner in that sequence, well before 80 years.

I'm probably very out-of-date here, but as an example, one elderly utility, John the Ripper, comes with "mangling rules" to append a "1" at the end of a given sequence fairly early, because that's how a lot of people make their password pass a digits requirement. Using passwords containing dictionary words and replacing "e" with "3", stuff like that.

I'd guess that today, someone probably has software that has rules to order its attempts that are trained off leaked password databases to be statistically optimal to defeat them, rather than merely manually crafted with human guesswork.

[–] carl_dungeon@lemmy.world 6 points 1 month ago (1 children)

Totally fair points! Password managers FTW, all my passwords are 25 character complete random.

[–] tisktisk@piefed.social 3 points 1 month ago (2 children)

I was told there is no such thing as complete random

[–] AdrianTheFrog@lemmy.world 3 points 1 month ago* (last edited 1 month ago)

https://www.idquantique.com/random-number-generation/products/quantis-qrng-pcie/

Edit: the actual way they do it is from things like sensor noise, it's practically impossible to predict the random noise on a temperature sensor for example

Edit2: oh wait it's literally just an led and cmos sensor lol (well i guess there's a lot of processing etc but still)

[–] catloaf@lemm.ee 1 points 1 month ago

That depends on whether you believe in determinism.

Current CSPRNGs are good enough for our purposes.