Programmer Humor

32291 readers

32 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

[email protected]

1109

Passwords are insecure (programming.dev)

submitted 6 months ago by [email protected] to c/[email protected]

98 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 9 points 6 months ago* (last edited 6 months ago) (2 children)

Fun fact: it would take about 37 billion years on average (at current (known) tech) to brute force a 16 character alphanumeric password which uses uppercase ie. using at least one of each of a-z,A-Z,0-9

Adding special characters would not make it easier. A trillion years seems like a long time. (Unless your password is ThisIs4Password!)

https://www.komando.com/wp-content/uploads/2021/03/Passwords-chart-970x510.jpg

[–] [email protected] 9 points 6 months ago

Also, online logins should lock you out temporarily after a few failed attempts anyway, making brute force a complete non issue.

Also also, if you're going to try to brute force someones pw, you would just look up the requirements beforehand anyway.

[–] [email protected] 1 points 6 months ago (1 children)

If you brute force using single iterations of all possible combinations sure. But people don't do that. They use fully readable passwords and letter substitutions. This makes dictionary attacks viable. There are a known number of readable words and phonetic combinations that are significantly easier to brute force. And also the vast majority of numbers are also guessable because most numbers are dates. Series of 2 or 4 or 8 numbers to form important dates means there are lots of numbers between 1940-2024. People don't usually unconditionally random alphanumeric passwords. Therefore peoples passwords will never be fully secure against sufficiently advanced brute force methods.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago)

I originally included the words "assuming random" to the post. Why I removed it? I guess for dramatic effect. You are correct. Permutations of dictionary words are relatively trivial for a decent program. But, increasing the length and the addition of special characters adds a nontrivial exponential increase in time, wouldn't it?