Results 21 to 30 of 35
Thread: KeePass pasword vault
-
07-05-13, 05:41 PM #21
Re: KeePass pasword vault
Brute force on most sites is a thing of the past. Most sited have a security lockout if your password is failed to much. Even with 10,000 slave bots at 5 guesses each, per 15 minutes, it's still a stupid about of time. Hell I think most sites will lock your account if too many failed attempts occur and force you to reactivate.
Most brute forcing happens on encrypted files that the hacker has acquired locally. And is trying to hack locally.
As for 256bit aes, I'm not familiar with it but it probably stands no chance up against modern gpu cracking approaches look at the latest specs for nvidia titan cards
Mobile-
-
- Join Date
- 08-20-07
- Location
- Tempe, Arizona, United States
- Posts
- 1,418
- Post Thanks / Like
- Blog Entries
- 2
07-05-13, 06:26 PM #22Re: KeePass pasword vault
256bit RSA has been dead for awhile, but 256bit AES block cypher is still very much alive, the best known attacks are on the order of 2^254 ops according to wikipedia.
Advanced Encryption Standard - Wikipedia, the free encyclopedia
So if we play this game the number of flops of a GTX titan is 4.5 tflops. We can assume this is the floor for integer performance, but within an order of magnitude or so. Given this we get something like 6^63 seconds for key recovery. this is approximately 10^46 more time than the universe has existed. I would say this is a very conservative estimate since I don't know if the code for such an attack can be effectively sped up by a GPU.
-H
ed. Man, had to open matlab to do that, but I love playing these gamesLast edited by hannibal; 07-05-13 at 06:29 PM.
Standard Disclaimer: 150% of what I say is bullshit.
-
- Join Date
- 07-24-06
- Location
- Colorado
- Posts
- 5,025
- Post Thanks / Like
- Blog Entries
- 6
07-06-13, 05:48 AM #23Re: KeePass pasword vault
This times 1000. I (not exaggerating) have 19 usernames and passwords at work just for network access. That's not counting the user names and passwords to sites and services on those networks. All the passwords get changed regularly and they all must be long and complex. It's maddening. Throw in my personal stuff for bills, banks, shopping, mail, social sites and games and it's a major headache. And if you want to be secure, everything needs a unique password so if say LinkedIn gets hacked, the assholes don't also get your PayPal. I hate those guys so much...
Sent from my Nexus 7 using TapatalkSleep, eat, conquer, meditate, repeat.
-
- Join Date
- 07-24-06
- Location
- Colorado
- Posts
- 5,025
- Post Thanks / Like
- Blog Entries
- 6
07-06-13, 05:53 AM #24Re: KeePass pasword vault
But they don't just brute force the hash. They start with using a dictionary of passwords to weed out the easy ones. And don't think that 1337 speak makes your password good against this type of dictionary. That alone nets them what they want. Then they have plenty of time to use the power of their distributed computer network of zombies to break the rest. There is no password security. Two factors are needed for decent security.
Sent from my Nexus 7 using TapatalkSleep, eat, conquer, meditate, repeat.
-
- Join Date
- 07-24-06
- Location
- Colorado
- Posts
- 5,025
- Post Thanks / Like
- Blog Entries
- 6
07-06-13, 05:56 AM #25Re: KeePass pasword vault
http://arstechnica.com/security/2013...our-passwords/
Everyone should read the original story and the follow up I linked. It's just too easy.
Sent from my Nexus 7 using TapatalkSleep, eat, conquer, meditate, repeat.
-
-
- Join Date
- 08-20-07
- Location
- Tempe, Arizona, United States
- Posts
- 1,418
- Post Thanks / Like
- Blog Entries
- 2
-
- Join Date
- 08-20-07
- Location
- Tempe, Arizona, United States
- Posts
- 1,418
- Post Thanks / Like
- Blog Entries
- 2
-
- Join Date
- 07-24-06
- Location
- Colorado
- Posts
- 5,025
- Post Thanks / Like
- Blog Entries
- 6
-
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Bookmarks