this post was submitted on 02 Aug 2023
88 points (94.9% liked)
Interesting
555 readers
1 users here now
- Be respectful to other members Treat others with kindness and courtesy, even if you disagree with their opinions.
- Stay on topic Keep your discussions relevant to the purpose of the forum. Avoid going off-topic or derailing conversations.
- No spamming Avoid posting irrelevant or unnecessary content, advertisements, or links to unrelated websites.
- Use proper language and tone Choose your words carefully when commenting or replying to others. Avoid using profanity or engaging in offensive language and personal attacks.
- Do not share personal information Protect your privacy by refraining from sharing personal details such as addresses, phone numbers, or email addresses on the forum.
- Report any issues If you come across any inappropriate behavior or content, report it to the forum moderators or administrators.
- Have fun and contribute positively Participate actively and add value to the discussions. Engage in meaningful and constructive conversations with fellow members.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
neat, what I take from this and the discussion below is that with a pw containing upper- and lowercase letters, numbers as well as symbols that 12 is just long enough.
The objective for password cracking is to obtain the hash of the users password. Obviously, if the intruder can get the raw password, that's better for them and doesn't require cracking.
If there hash can be obtained, then the objective becomes to match it. Since most passwords are stored in a one-way hash, you basically take a known value, run it though the hash, and compare the result with the hash. If they match, then the known value is the password (or at least one that has a hash overlap with the correct password (which is good enough).
Brute forcing the password prompt generally doesn't work because of lockouts on password attempts at the page, and you're correct on that, so it's not a valid way to attack the system for the password.