How secure is your password!?

[D..X]

[Dimo4ka]

18 minutes ago, Ashuyai said:

All it takes is one data breach where passwords leak and everything gets compromised 😅

in fact, if the base is pulled out, then it flows away quite well, but it also needs to be decrypted, that's exactly what I'm doing

[Dimo4ka]

19 minutes ago, Paul007 said:

You know Dimo, having one pass is not wise idea for one basic reason, it of course can be "unbreakable"(meaning it can be broken in resonable amount of time). But the real danger is the one of the web, you use it with, will be attacked with hacker, and then the "hackers", got your password without breaking it, from the web databases. That's i think the main reason why you should have couple of differend passswords, because one web is really well secured, but other like internet-shoping web could be not.

in fact, everything is a little simpler, it will not be difficult for anyone to pull out your passwords from other servers, cope with one, cope with another, sit and guess ... no one does this anymore, it’s not that time now. In any case, mine was created by a generator that I wrote myself, the algorithm is mine, it is very difficult to guess 😄 😄  😄 

[Dimo4ka]

I am working on one project, so passwords are stored in the database, even after pulling the database, you need to understand how to decrypt it. For the curious, I'll tell you a tale, the password of the user with id 2 = 123

user with id  13 password = set of 15 characters and 10 numbers

 

and while this is just an early stage project based on sqlite3, it will be more fun when we leave for postresql

 

well, for an experienced hacker, this may not be a lot of work, but for ordinary users, even with a torn base, you will have to sweat

[GHARIB]

2 minutes ago, Dimo4ka said:

will not be difficult for anyone to pull out your passwords from other servers, cope with one, cope with another, sit and guess ... no one does this anymore

[Dimo4ka]

Just now, GHARIB said:

I'm just sure of my password

 

a weak password is idiotic anyway 😄 

[Dimo4ka]

well 🎅

[Paul']

I meant i know that the level of secure encryption of databeses is constantly increasing, and it's not a pice of cake to get the password out of the well encrypted database. My point is that when you're making an account in somekind of internet shop, forum, or your e-mail, you really don't know how their database is store and how well it is encrypted, and who is working there, and what person it could be, and what he could do with his knowledge after, he leave his job. I would never use my e-mail password to create account in a music shop where i buy string for my guitar for example, beacuse the risk of leak from that kind of little shop witch can be just one person with basment storage, and old LGA771 base server is Huge.

[Dimo4ka]

2 minutes ago, Paul007 said:

I meant i know that the level of secure encryption of databeses is constantly increasing, and it's not a pice of cake to get the password out of the well encrypted database. My point is that when you're making an account in somekind of internet shop, forum, or your e-mail, you really don't know how their database is store and how well it is encrypted, and who is working there, and what person it could be, and what he could do with his knowledge after, he leave his job. I would never use my e-mail password to create account in a music shop where i buy string for my guitar for example, beacuse the risk of leak from that kind of little shop witch can be just one person with basment storage, and old LGA771 base server is Huge.

you just need to know where you are registering. If this is some kind of non-name one-time site, forget even about the thought of showing your mail there. For such cases, I use either disposable mailboxes or false addresses. my email, which is real, I registered only on a couple of sites and there is a password. and if this is a website of some kind of store and so on, why should he show his password, and even more so email, you don’t need to do that

 

you need to be aware of what you are doing and where you are doing it

[Paul']

That's right, you just told that you use one password for everything, and did not say all of that, after our exchange of thoughts i know, that you know what is safe and what not. Now i know you are safely user of web and i can sleep well in the night:D

[Dimo4ka]

1 minute ago, Paul007 said:

That's right, you just told that you use one password for everything, and did not say all of that, after our exchange of thoughts i know, that you know what is safe and what not. Now i know you are safely user of web and i can sleep well in the night:D

Stay safe on Web mate 😄 

[Vindstot]

2 hours ago, Dimo4ka said:

I have one password for everything, but it seems to me that guessing it is another task, although who knows 😄

I strongly suggest to keep different passwords wherever you can

[BeefYT]

We do realise this is works if the password is bruteforcing using no salts or formulas to expand on the bruteforce and uses previous breahed passwords. 

All these tools are doing is marrying up against wordlists. 

For example my password is password. 

Someone will run my account against a wordlist a common wordlist is **** then soon as ****.txt comes across my password in the list it matches. 

 

Most attackers with some experience will run against salts and information they know about you. for example my password is password123!

I will run my account against the same list but depending on the tool i use i will make the tool attempt every password on that list with 123, !, 123! after the words. until it matches. 

 

never use:

123

2022 / 2023

!

?

at the end of your passwords they are common when a website asks for a special character most people just add ! at the end and then wounder why the password is easily guessed. 

No password is uncrackable especially long passwords that are varied. But anything less than 12-15 characters long as a rule is crackable by an attacker with relative ease. 

 

as a rule for a secure password make a random password something completely irrelevant to you, String words together if you can, replace letters with numbers where you can instead of an A put 4, instead of using spaces use /  and open and close your passwords with special characters for example {F34rl3ss/4ss4ss1ns} 

 

These tools are good against script kiddies but anyone else not great. 

 

https://haveibeenpwned.com/Passwords - Check your password to see if it's ever been pwned. If it has or you find a password that is similar your password can be cracked quickly. 

Edited January 30, 2023 by GHARIB
edited wordlist :)

[GHARIB]

7 minutes ago, BeefYT said:

Someone will run my account against a wordlist a common wordlist is **** then soon as ****.txt comes across my password in the list it matches. 

 

Sorry @BeefYT

I have edited you know what - you know why 😄 

We don't give any clue here about this 😛 

[GHARIB]

15 hours ago, Dimo4ka said:

I am working on one project, so passwords are stored in the database, even after pulling the database, you need to understand how to decrypt it. For the curious, I'll tell you a tale, the password of the user with id 2 = 123

hmmm

Django project?

 

15 hours ago, Dimo4ka said:

well, for an experienced hacker, this may not be a lot of work, but for ordinary users, even with a torn base, you will have to sweat

 

pbkdf2_sha256$390000$esaenzgMkTt3KWE7ruAh7y&idGDSMB63/oDneNQj+s3proyZEK03xr3AcNuWb3pHyw=

 

DJANGO pbkdf2_sha256 ?

 

If you have a "human made password" - or poor combination of words/numbers :

 

 

 

One advice , chose long passwords like this one  

15 hours ago, Dimo4ka said:

user with id  13 password = set of 15 characters and 10 numbers

 

If it is a mix of numbers + Upper/Lower case letters + symbols - ramdomly placed

  👍