"Encrypted password" which is useless because that is the point of encryption. Also, password managers are great. Highly suggest using one. Just got a new device and I could log into everything effortlessly and URL spoofing does not work because the manager only inputs info on the correct URL.
You can figure it out, but it takes some time. Always use good passwords, and it will go a long way. Also, for every breach you hear about, there are plenty more you don't.
A 16 character password randomly consisting of upper and lower case letters and numbers only using bcrypt with a cost factor of 10 would take ~6.046727765959351e+18 years to crack on a single Nvidia 2080Ti.
The Gab passwords are hashed using bcrypt. I don't know what their cost factor was configured as.
Yep. As other guy said, rainbow tables will probably snag a decent percent of real world passwords. The good passwords are safe, but Darth Helmet's luggage code will be easy pickens. And the people using bad passwords tend to reuse them.
If your password is a word or a common word/number combination, and I have the encrypted hash, I can break it in a few hours, maybe a day. (edit: ran the calculations for another post, it takes 25 minutes to crack any common password, even with bcrypt)
If it's not, it might take days-weeks depending on how long it is and which algorithm they used. If it's under 8 characters, there are databases that can break it instantly.
(Edit: As sordifPontification points out, these don't apply to bcrypt, especially if it's salted as it should be)
No.
Gab is based on Mastodon which uses bcrypt to store password hashes. There are no rainbow tables for bcrypt for anything 8 characters or less. For under 8 characters, the rainbow tables would be ~211 296 876 372 480 bytes in size. Plausible given current storage but very unlikely.
Edit: And this calculation is probably off by an order of magnitude as I forgot about the salt and was basing this off the hash length.
Edit edit: Plus a 16 byte salt renders rainbow tables completely useless.
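The figures quoted in the comments above can be reproduced, as an added example that is not part of the original thread. The 62-character alphabet, the 60-byte stored hash length and the 250 guesses/s rate at cost 10 are assumptions back-calculated from the quoted numbers, and `SAMPLE` is a constructed placeholder, not a real hash. It also shows that the cost factor and salt are readable directly from any stored bcrypt string.

```python
import re

# bcrypt uses its own base64 alphabet (not the RFC 4648 ordering), no padding.
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed placeholder in bcrypt layout: $variant$cost$<22 salt><31 digest>
SAMPLE = "$2b$10$" + "ConstructedSaltValue.." + "x" * 31

def b64_decode(text, nbytes):
    """Decode bcrypt-flavoured base64 into nbytes raw bytes."""
    bits = 0
    for ch in text:
        bits = (bits << 6) | B64.index(ch)
    extra = 6 * len(text) - 8 * nbytes   # unused trailing bits
    return (bits >> extra).to_bytes(nbytes, "big")

def parse_bcrypt(stored):
    """Return variant, cost factor and raw 16-byte salt of a stored hash."""
    m = BCRYPT_RE.match(stored)
    if not m:
        raise ValueError("not a bcrypt hash string")
    variant, cost, salt, _digest = m.groups()
    if not 4 <= int(cost) <= 31:
        raise ValueError("cost factor out of range")
    return {"variant": variant, "cost": int(cost),
            "salt": b64_decode(salt, 16)}

def years_to_exhaust(alphabet, length, cost, rate_at_cost10):
    """Years to try every candidate; each +1 in cost halves the guess rate."""
    rate = rate_at_cost10 * 2.0 ** (10 - cost)
    return alphabet ** length / rate / SECONDS_PER_YEAR

def unsalted_table_bytes(alphabet, length, hash_len=60):
    """Lookup table size if one hash per candidate sufficed (no salt)."""
    return alphabet ** length * hash_len

def salted_table_bytes(alphabet, length, salt_bytes=16, hash_len=60):
    """A precomputed table must be repeated for every possible salt value."""
    return unsalted_table_bytes(alphabet, length, hash_len) * 2 ** (8 * salt_bytes)

if __name__ == "__main__":
    info = parse_bcrypt(SAMPLE)
    print("cost:", info["cost"], "salt:", info["salt"].hex())
    print("years, 16 chars of [A-Za-z0-9]:", years_to_exhaust(62, 16, info["cost"], 250))
    print("unsalted table, 7 chars:", unsalted_table_bytes(62, 7), "bytes")
    print("salted table, 7 chars: %.3e bytes" % salted_table_bytes(62, 7))
```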
Good points on the bcrypt part. Editing my post above.
It's been a long time since I've done anything in that world. How are passwords that consist of several real words with no numbers or symbols?
Several real words (3+) are very safe. Easy to remember and it just takes exponentially long for any algorithm to work its way up to that point.
Yep. Another reason for password manager. Have 20+ character passwords that are random and use all possible characters.