Brute Forcing?
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.
You are currently reading a thread in /g/ - Technology
You are currently reading a thread in /g/ - Technology
So how can measuring password strength by bruteforcing can be relevant when pretty much all of the services i know stops/changes the login process after 3 tries. How can you brute force that?
It's reliant on them have a local hashed password.
by using a botnet
>>51874130
that's why brute force attacks are mostly used for offline attacks, like hash cracking
>>51874130
>Hash your password
>Put that hash into google
>Find out how many shitty sites don't salt
Think about how the server checks passwords; They apply an algorithm to the password you provide and see if it matches with a 'hash' in their databases.
Grab the hash and you can check a password as much as you want.
>>51874130
Because what else are you going to measure by?
Services which timeout an IP for x amount of time after y failed tries (like fail2ban) are just an additional security measure.
So is there a reason to use complex passwords for online services like Ebay, Paypal, cloud storage, work stuff etc.?
>>51874321
no, complex passwords are a meme
ive been using qwertyuiop99 since forever and nothing bad happened to any of my account
How does one brute force a password?
Just use some program?
>>51874194
Passwords hashes are all stored on the server right? No easy way to use this to your advantage...
>>51874569
And there's no way anyone will ever get a hold of that, right?
>>51874130
That requires getting the hash in a different manner, which implies getting access to one of the places in which they're generated, stored or attempted. Which generally means it's compromised anyway, so they don't really need the passwords from that point.
That's like breaking open a door and then attempt to lockpick it.
>>51874569
It's not like servers get hacked and their hashes dumped on the Internet every other day, right?
http://lmgtfy.com/?q=password+hash+leak+news
>>51874717
1. Hack WindowsAppleForum.com/LoLLusersForum.com
2. 99% of people use the same password everywhere.
3. ???
4. Gain access to lots of bank accounts and identities.
>>51874844
There's a difference between password security and password variety.
>>51874862
Even assuming you're a retard who uses the same password everywhere, if it's a good password attackers won't be able to crack it, so it's useless to them.
>>51874896
>if it's a good password attackers won't be able to crack it
If their goal is attacking the system from which it was taken, it's compromised anyway. As I said, break the door open and pick the lock.
>>51874948
Hashes don't have to be stored in the same server/database as all the other info. In fact, it makes sense to separate the authentication infrastructure from everything else.
>>51874984
Yet that's not always how things happen, and regardless, the security of both will be equal. In most cases, a stolen hash means everything is compromised, no need to look further.
>>51874896
plaintext leaks have happened, sadly
