Why is any amount of years in thousands not green? The matrix is skewed towards orange and red to make it seem riskier. This is a biased graph.
Not to mention the computer specs needed to crack these passwords are not mentioned. A “hacker” still needs libraries of their own to crack anything, which might find the password or might not, and no method is instant.
The ways to crack, at least with brute force, mean it’s iterative. You either start with the most common combinations of all numbers or all letters, and then move incrementally. Then start mixing. There are so many combinations that nothing is ever instant.
This works out to 40 billion guesses per second. Can you calculate 8 password hashes in one 5GHz clock cycle?! If the hash&salt algorithm is any good, rainbow tables will not work, either. You would need the undivided power of some serious botnet to get these times. Not to mention the service would need to be breached for hashes first.
For everything longer than a couple of years, it becomes more relevant what future hardware can do, I think. Would be interesting to see such a table from 20 or 40 years ago.
Everyone knows you are only safe if the hacker needs to run a dozen high-end contemporary GPUs for more than the lifespan of a star to be secure. /s Anyway, you can expect the times to shrink significantly once Si-optical or quantum computers become available in a few decades, although the service will have been discontinued, upgraded to a more robust hashing technique or you will have changed your password by then.
Agreed - frankly even 10 years should be green. Unless you’re talking about corporate/government security, no one is tying up a decade of GPU time to crack a single password, not to mention that even a relatively security lax person is likely to have changed their password some time in a decade
Why is any amount of years in thousands not green? The matrix is skewed towards orange and red to make it seem riskier. This is a biased graph.
Not to mention the computer specs needed to crack these passwords are not mentioned. A “hacker” still needs libraries of their own to crack anything, which might find the password or might not, and no method is instant.
The ways to crack, at least with brute force, mean it’s iterative. You either start with the most common combinations of all numbers or all letters, and then move incrementally. Then start mixing. There are so many combinations that nothing is ever instant.
This works out to 40 billion guesses per second. Can you calculate 8 password hashes in one 5GHz clock cycle?! If the hash&salt algorithm is any good, rainbow tables will not work, either. You would need the undivided power of some serious botnet to get these times. Not to mention the service would need to be breached for hashes first.
For everything longer than a couple of years, it becomes more relevant what future hardware can do, I think. Would be interesting to see such a table from 20 or 40 years ago.
Yeah imagine saying 69000 years is only 3/5 secure
Everytime I see this graph I focus on the fact that 1 second and 10 months are the same color, but 1 sec and “instant” are different colors.
Like I guess if “instant” is a billionth of a second than it’s a greater difference of magnitudes. However, in reality a second feels like an instant.
Removed by mod
Everyone knows you are only safe if the hacker needs to run a dozen high-end contemporary GPUs for more than the lifespan of a star to be secure. /s Anyway, you can expect the times to shrink significantly once Si-optical or quantum computers become available in a few decades, although the service will have been discontinued, upgraded to a more robust hashing technique or you will have changed your password by then.
Agreed - frankly even 10 years should be green. Unless you’re talking about corporate/government security, no one is tying up a decade of GPU time to crack a single password, not to mention that even a relatively security lax person is likely to have changed their password some time in a decade