this post was submitted on 02 Aug 2023
88 points (94.9% liked)

Interesting

555 readers
1 users here now

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 4 points 1 year ago (1 children)

neat, what I take from this and the discussion below is that with a pw containing upper- and lowercase letters, numbers as well as symbols that 12 is just long enough.

[โ€“] [email protected] 1 points 1 year ago

The objective for password cracking is to obtain the hash of the users password. Obviously, if the intruder can get the raw password, that's better for them and doesn't require cracking.

If there hash can be obtained, then the objective becomes to match it. Since most passwords are stored in a one-way hash, you basically take a known value, run it though the hash, and compare the result with the hash. If they match, then the known value is the password (or at least one that has a hash overlap with the correct password (which is good enough).

Brute forcing the password prompt generally doesn't work because of lockouts on password attempts at the page, and you're correct on that, so it's not a valid way to attack the system for the password.