~=8 Character Passwords Are Dead=~

New benchmark from the Hashcat Team shows a 2080Ti GPU passing 100 Billion password guesses per second (NTLM hash).

This means that the entire keyspace, or every possible combination of:
- Upper
- Lower
- Number
- Symbol

...of an 8 character password can be guessed in:

~2.5 hours

(8x 2080Ti GPUs against NTLM Windows hash)

#Hacking #Infosec

@tinker those were never good passwords to begin with, but how do you counter this without changing password habits? after all moore's law will make longer and longer passwords crackable

@DJWalnut - I recommend passphrases of five words. Easy for a person to remember, harder to crack.

Ideally use a password manager and inplement multifactor authentication every where you can.


@tinker @DJWalnut Yup. Mutate a 5+ word sentence. And maybe hash a memorable phrase and paste that in. (Heavily deters decrypting the database, but less useful in a MITM.)

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!