• Quetzacoatl@feddit.de
    link
    fedilink
    arrow-up
    4
    ·
    edit-2
    1 year ago

    neat, what I take from this and the discussion below is that with a pw containing upper- and lowercase letters, numbers as well as symbols that 12 characters is just long enough.

    • MystikIncarnate
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      The objective for password cracking is to obtain the hash of the users password. Obviously, if the intruder can get the raw password, that’s better for them and doesn’t require cracking.

      If there hash can be obtained, then the objective becomes to match it. Since most passwords are stored in a one-way hash, you basically take a known value, run it though the hash, and compare the result with the hash. If they match, then the known value is the password (or at least one that has a hash overlap with the correct password (which is good enough).

      Brute forcing the password prompt generally doesn’t work because of lockouts on password attempts at the page, and you’re correct on that, so it’s not a valid way to attack the system for the password.