way to test "strength" of my passwords?

zozo
Posted:
in General Discussion edited January 2014
I was wondering if there was a sort of password cracker simulator that I could use to see how long it would take to crack my passwords(s).



Obviously not online...



I've never tried cracking and stuff but lately am getting paranoid and kinda want to see if my, already lengthy, password is "enough" or just as much a joke as using "abc123" or something like that. It's not like I want to have to get into making frikken passphrases that are a chapter long neither.



Thanks to any advice...



(actually, wouldnt this be a cool piece of shareware?)

Comments

  • Reply 1 of 8
    dobbydobby Posts: 794member
    put a password on a pdf or ms doc or spreadsheet and download passware or wordhack etc from a dodgy site (www.hackers.de or ww.eag.ru) and run it against it.



    Dobby.
  • Reply 2 of 8
    slugheadslughead Posts: 1,169member
    Send them to me and I'll tell ya



    Quote:

    Originally posted by ZO

    I was wondering if there was a sort of password cracker simulator that I could use to see how long it would take to crack my passwords(s).



    Obviously not online...



    I've never tried cracking and stuff but lately am getting paranoid and kinda want to see if my, already lengthy, password is "enough" or just as much a joke as using "abc123" or something like that. It's not like I want to have to get into making frikken passphrases that are a chapter long neither.



    Thanks to any advice...



    (actually, wouldnt this be a cool piece of shareware?)




  • Reply 3 of 8
    Use Keychain Access to check the strength of your password.[list=1][*]Open Keychain Access (located in Applications>Utilities)[*]Go to menu Edit>Change password for keychain[*]Click the "i" icon[*]Now in the new password field (no need to enter your old password) start typing letters of your new password. As you type in real time you will be told the strength of your password.[/list=1]

    Hope this helps
  • Reply 4 of 8
    zozo Posts: 3,115member
    That's awesome!!!!!! Thanks MacWrite.



    Also... it sucks. My PGP passphrase has a (I think) respectable 260 score. My login password is a crap 45 and my usual kinda catchall unimportant password for dumb websites is about 68 (green though).



    Hmm... what do the numbers actually mean?
  • Reply 5 of 8
    toweltowel Posts: 1,479member
    John the Ripper seems to be the "standard" password strength tester (i.e. password cracker). It's easy to use if you're familiar with the command line. It uses brute force guessing, but you can google around for word lists to add to it.



    The general rule for brute-force is that longer is better, mix cases, and stir in numbers. Do all that, and it's extremely difficult to crack the password. Unless it's on someone's word list. So avoid any words or phrases that might be found in any dictionary, anywhere. That includes foreign languages, made up languages, names, and 133tsp33k. For example, taking a dictionary word and replacing letters with the obvious numbers (i -> 1, e -> 3) doesn't help much.
  • Reply 6 of 8
    zozo Posts: 3,115member
    downloaded John and a few lists I could find.



    I suck at unix and therefore have no clue wtf I'm doing therefore didnt work.



    Ah well...
  • Reply 7 of 8
    long pass-words or pass-phrases are a lot better than short ones. and phrases in general are a lot better than words. even phrases of normal english words. most dictionaries (used in dictionary attacks) only have single words, and don't compute any phrases. If you can commit to memory some short phrase, like "isn't this phrase stupid", it would be a lot more secure than any single or short combination of letters/numbers/characters you can come up with. problem, of course, being that you have to remember capitalization, spacing and punctuation, if u use them. but as an added benefit, if u write down "isn't this phrase stupid" on some non-descript piece of paper around your computer, most people wouldn't automatically think thats your passphrase.



    there was an article written by some ms guy recently (and posted on /.) about the strength of pass-words and pass-phrases. and of course, windows security is different from osx, but the idea is still the same. bigger is better.
  • Reply 8 of 8
    zozo Posts: 3,115member
    just a little update:



    I dont know if this in the standard Firefox but I downloaded the latest nightly build of Firefox from http://homepage.mac.com/krmathis/ (optimized for G4) and went through the preferences and you can set a master password (like Keychain manager but just for Firefox) and when you set the password, there is a similar feedback visula to the Keychain manager's "password strength-o-meter" that lets you know how "good" your password is.



    Pretty slick.
Sign In or Register to comment.