

Show HN: Correcthorsebatterystaple.net XKCD inspired password generator - vvoyer
http://correcthorsebatterystaple.net/

======
valarauca1
using 4 words + a number there are (with your dictionary).

272,063,514,907,720,560 possible combinations (2.7x10^17).

I threw together a very rough cracker in java. That's able to do about ~40,000
guesses per second (i5 laptop processor). Based on your dictionary of 2284
words.

At this rate it would take me 123,243 years to complete a full search of the
space.

:.:.:

At the NSA's quoted rate 1 trillion guesses per second (Edward Snowden Citizen
4).

It would take 3 days, 9 hours to crack (giving your dictionary).

~~~
vvoyer
You mean it would take the NSA 3 days given that they are able to test their
solutions on my login system and my login system is able to take 1 trillion
guesses per second?

~~~
valarauca1
Given the dictionary (all possible words) and using the default settings (4
words, hyphen, 1 number).

If we did something simple like say SHA-256 the generated password. And
compare this to the SHA-256 of a captured password.

It would take ~3 days, knowing the generation algorithm and dictionary to
solve for a match.

:.:.:

Also nobody in their right mind would actually preform 1trillion HTTP post/get
requests per second. They'd compare hashes locally within memory. Far faster.

