
Master Password Generator & vault

Posted: Sun Sep 07, 2014 10:01 am
by les
                     
Off-Line Password Generator & Vault For Desktop & Mobile

I look forward to Doxy giving this a yes OR no vote,

In light of recent security leak scandals, people are beefing up security on their personal accounts to paranoid levels. Security is always at a premium and to serve that end there are numerous solutions available.
http://www.addictivetips.com/windows-ti ... tor-vault/

Re: Master Password Generator & vault

Posted: Sun Sep 07, 2014 1:53 pm
by Human
The phrase 7&62-0~!vbB can be guessed in about 3 days at 1000 guesses/sec.
That can't be right... it surely must take more time!

Re: Master Password Generator & vault

Posted: Mon Sep 08, 2014 12:10 am
by James8445
No, that's not right, and here are a few reasons why.

1) According to GRC's Password Haystack¹, in order to exhaust all possible combinations of that letter space it would take 1.83 billion centuries at 1,000 attempts per second. Granted, you wouldn't have to try every possible combination to get to this particular password, but I'm still going to venture a guess that you won't be breaking it within a few million years at that rate.
2) An attack of this scale would never go unnoticed by system administrators. Large sites would notice it relatively quickly and smaller sites would be overwhelmed by it. Either way, they would most certainly take steps to stop/slow any such attack.
3) Take a look around at any site using modern software and you'll see that after a few failed attempts they lock an account for a set period and will oftentimes require a captcha after it's unlocked. This means that at best you could do a few dozen tries a minute. Breaking an 8-character password at that rate becomes almost impossible.

For anybody that has doubts, I'd ask this simple question: if it is possible to break a complex password with brute force over the internet in a few days or even weeks, then why isn't it happening on a regular basis? There are unscrupulous people all around the world that have access to servers that would be able to do such a thing if it was really possible.

¹ https://www.grc.com/haystack.htm

Re: Master Password Generator & vault

Posted: Mon Sep 08, 2014 12:34 pm
by Human
Thanks James.

BTW, I don't agree with GRC that D0g..................... is more difficult to crack than the other one. As pointed out in the other thread, password crackers can employ "strategies" that humans use in order to generate passwords. And padding is a known common strategy.

Re: Master Password Generator & vault

Posted: Mon Sep 08, 2014 7:06 pm
by DoxysTurtle
Security is a complex issue, with lots of debates over encumbrance vs effectiveness.

The issue with offline password storage is that someone can copy the vault/files over more easily for a brute force attempt. Being able to do this removes any ability for the system to lock things out from many bad guesses, along with allowing various other techniques for finding memory exploits in the program.

However, using different passwords for each site, and non-patterned ones, does make you overall considerably more secure, as then a single site being compromised doesn't compromise your other logins. So it can be argued to increase security, along with having a higher security than writing them out on paper.
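
Added example, not part of any post in this thread: a Python sketch of the haystack-style arithmetic James8445 cites, of the padding point Human raises, and of the online versus offline guess rates DoxysTurtle contrasts. The function names, the 24-per-minute lockout rate, the 1e9/sec offline rate, the dot count of the padded password and the "short core plus one repeated pad symbol" attacker model are all assumptions made for illustration.

```python
import string

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600

# Character classes as a haystack-style calculator counts them (33 symbols = punctuation + space).
CLASSES = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
           (string.digits, 10), (string.punctuation + " ", 33)]

RANDOM = "7&62-0~!vbB"       # password quoted in the thread
PADDED = "D0g" + "." * 21    # padded example from the thread; the dot count is an assumption

# Guess rates in guesses/second. Only the first figure comes from the thread.
RATES = {
    "1,000/sec (thread)": 1000.0,
    "lockout, 24/min (assumed)": 24 / 60,
    "offline vault copy (assumed)": 1e9,
}

def alphabet_size(password):
    """Sum the sizes of every character class that appears in the password."""
    return sum(n for chars, n in CLASSES if any(c in chars for c in password))

def exhaustive_space(password):
    """Number of strings of length 1..len(password) over that alphabet."""
    a = alphabet_size(password)
    return sum(a ** k for k in range(1, len(password) + 1))

def centuries_to_exhaust(password, guesses_per_sec):
    return exhaustive_space(password) / guesses_per_sec / SECONDS_PER_CENTURY

def padding_aware_space(password):
    """Guess count under an assumed model: every core up to the real core's
    length, times each of the 33 symbols as pad, times each pad length up to the real one."""
    pad_char = password[-1]
    core = password.rstrip(pad_char)
    pad_len = len(password) - len(core)
    cores = sum(alphabet_size(core) ** k for k in range(1, len(core) + 1))
    return cores * 33 * pad_len

if __name__ == "__main__":
    for label, rate in RATES.items():
        print(f"{label:30s} {centuries_to_exhaust(RANDOM, rate):.3g} centuries")
    print("padded, exhaustive guesses:   ", f"{exhaustive_space(PADDED):.3g}")
    print("padded, padding-aware guesses:", padding_aware_space(PADDED))
```

The exhaustive figures are upper bounds on a blind search; the padding-aware count only holds for an attacker who models that exact pattern.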