Account Password Security

What speed can hackers get in a brute force attack? I'm a massive noob, and someone locked this zip file and I can only get 1000 pw/second. But I know a cheap computer can get like 200,000,000 pw/second. Is that figure current though? And what if someone had a decent computer, could they reach a better pw/second than this?
"
Metronomy wrote:
What speed can hackers get in a brute force attack? I'm a massive noob, and someone locked this zip file and I can only get 1000 pw/second. But I know a cheap computer can get like 200,000,000 pw/second. Is that figure current though? And what if someone had a decent computer, could they reach a better pw/second than this?


1000 pw/s????? What was doing that, a friggin' i7 with an SSD and a 30MP/S upload speed?????



WTF?? WHAT IN TF WTF!! 200,000,000 pw/s??? Who the hell would process at that speed, THE NSA!!!!!????????


It really depends on if you're talking about bruteforcing a remote server/username password of some kind of online account or if you are trying to bruteforce a hash-key or salt-key (which GGG would kill you for apparently :) )

And then take into consideration the encryption they are using on top of the hashing system of the "Key"


I usually bruteforce a remote server like 2 pw/s and that is to circumvent triggering automatic IP banning (if the site's code can be circumvented however, I can get it up to like 200-600 pw/s at best speeds because of net speed etc).... Now unless you have a botnet, which can multiply your processing power exponentially.


In regards to decrypting a key to a piece of generated encryption, then I would say 20,000-60,000 pw/s and that's pushing it again on a high end system. Better to botnet these kinds of tasks to save time.....


Also this isn't including how long it would take to bruteforce passwords of increased length and complexity.

But as mentioned, if you have a common password, be prepared to get bruteforced in like 10 minutes or less.

www.tachi203.com : For live streams, gameplay, news of me +(.

It is better to be violent, if there is violence in our hearts, than to put on the cloak of nonviolence to cover impotence. - Mohandas Gandhi
Last edited by tachi203#2942 on Jul 19, 2012, 10:43:12 AM
It depends on the method, but 1000 guesses per second is extremely slow.

For instance there is this explanation:

Spoiler
The only thing you have to decrypt to be assured you have the right password is the header and its checksum.

You can just cut the first X bytes (as you only need the header) and throw passwords at it in RAM, thus speeding up the cracking many times.
The good password is the one which decrypts a valid header with a good checksum and you can then re-use it for the full disk, however you have to know the header structure beforehand for this to work.


With a zip you should know the info provided... however there are zip cracking programs out there already that should be programmed to take advantage of such info.

The second factor is using a GPU instead of a CPU. GPUs can crack at 1000-100,000x faster than a CPU, so you can go from millions of guesses per second to billions. This requires a program that is capable of accessing low-level instructions on the GPU.

I know people who farm for bitcoins using GPU arrays... they can do a RIDICULOUS number of calculations per second.
If you have account problems please Email Support: http://www.pathofexile.com/support
"
zeto wrote:
It depends on the method, but 1000 guesses per second is extremely slow.


Haha, my eyes are tired and I missed that part where he mentioned a "Zip file" lol.


Agreed, cracking a simple zip file password wouldn't take long at all. And you could do it at ridiculous speeds. :)
"
Chris wrote:
Various services such as LinkedIn and League of Legends have supposedly had their password databases compromised recently. Please make sure that your Path of Exile password is not the same as the password that you use for other services!

Edit: If you're interested, we store passwords securely as a salted hash. We do not store credit card information ourselves.


Will there be an option for an authenticator or mobile app down the road? I apologize if this has already been covered; if so, sorry. Also thank you for the information :)
"
youngamac wrote:
"
Chris wrote:
Various services such as LinkedIn and League of Legends have supposedly had their password databases compromised recently. Please make sure that your Path of Exile password is not the same as the password that you use for other services!

Edit: If you're interested, we store passwords securely as a salted hash. We do not store credit card information ourselves.


Will there be an option for an authenticator or mobile app down the road? I apologize if this has already been covered; if so, sorry. Also thank you for the information :)


Hi,

If you just type authenticator into the search section..

http://www.pathofexile.com/search/

I think you will find the answers you're looking for :)

Also they are salting your secure info, so I wouldn't be too worried about it being dissected by hackers lol. Salting is still a very good way to protect data, unlike md5/sha1/sha etc etc.
Last edited by tachi203#2942 on Jul 20, 2012, 12:38:08 PM
"
tachi203 wrote:
salting is still a very good way to protect data, unlike md5/sha1/sha etc etc.


I think you are confusing yourself; salting a hash is an action that is independent of the actual encryption algorithm used. Some password hashing implementations use salted MD5 or SHA{X} or even both, some don't.
"
Seonid wrote:
"
tachi203 wrote:
salting is still a very good way to protect data, unlike md5/sha1/sha etc etc.


I think you are confusing yourself; salting a hash is an action that is independent of the actual encryption algorithm used. Some password hashing implementations use salted MD5 or SHA{X} or even both, some don't.


I mean if you use those mentioned encryption methods by themselves (they have been compromised), no confusion =D but sorry I wasn't more specific.
Last edited by tachi203#2942 on Jul 21, 2012, 7:18:53 PM
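
Added example (not part of any post in this thread): a Python standard-library sketch of the two points debated above, that salting is independent of the hash function chosen, and that the guesses per second possible against a stored hash depend on how expensive each hash computation is. The passwords, the iteration count and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # assumed work factor for this demo, not a value from the thread


def unsalted(password: str) -> bytes:
    """Plain fast hash: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode()).digest()


def salted_fast(password: str, salt: bytes) -> bytes:
    """Salted, but still one cheap SHA-256 call per guess."""
    return hashlib.sha256(salt + password.encode()).digest()


def salted_slow(password: str, salt: bytes) -> bytes:
    """Salted and deliberately expensive (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> tuple[bytes, bytes]:
    """What a server stores: a fresh random salt plus the slow hash."""
    salt = os.urandom(16)
    return salt, salted_slow(password, salt)


def verify(password: str, record: tuple[bytes, bytes]) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, stored = record
    return hmac.compare_digest(salted_slow(password, salt), stored)


def rate(fn, seconds: float = 0.2) -> float:
    """Calls per second of fn on this machine (rough, single core)."""
    calls, deadline = 0, time.perf_counter() + seconds
    while time.perf_counter() < deadline:
        fn()
        calls += 1
    return calls / seconds


if __name__ == "__main__":
    alice, bob = make_record("hunter2"), make_record("hunter2")  # constructed users
    print("unsalted digests equal:", unsalted("hunter2") == unsalted("hunter2"))
    print("salted records equal:  ", alice[1] == bob[1])
    salt = os.urandom(16)
    print(f"salted SHA-256: {rate(lambda: salted_fast('guess', salt)):,.0f} hashes/s")
    print(f"salted PBKDF2:  {rate(lambda: salted_slow('guess', salt)):,.0f} hashes/s")
```

The salt makes identical passwords store differently and defeats precomputed tables; the work factor is what lowers the guess rate, which is why a salted fast hash and a salted slow hash behave so differently under brute force.
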
There's a very useful programme called KeePass that can generate random passwords. You can install it on your computer and to access it you have to use a master password. With that you can access all passwords you have. It's bad if your master password gets hacked of course, but all other passwords are impossible to guess without hacking programs and I don't think that there's gonna be a lot of master hackers trying to hack PoE.
I also think that there should be a password recovery system made soon so that if you forget your password you can ask for an email that will reset your password so that you can make a new password.
"
PortalFreak wrote:
There's a very useful programme called KeePass that can generate random passwords. You can install it on your computer and to access it you have to use a master password. With that you can access all passwords you have. It's bad if your master password gets hacked of course, but all other passwords are impossible to guess without hacking programs and I don't think that there's gonna be a lot of master hackers trying to hack PoE. I also think that there should be a password recovery system made soon so that if you forget your password you can ask for an email that will reset your password so that you can make a new password.


Just make a 12 digit or more password and it will be encrypted then salted... your passwords here are pretty safe from the sounds of it.

And yeah, I have seen those password generators, they usually have problems where hackers crack the generation code and then rewrite it to pump out a list of potential passwords from a1-z0......

And then they could just phish or XSS your main key anyway...

No point really... Not that many people even need your password anyway to bypass you.

Usually people are more concerned with vulnerabilities or zero-day exploits.
Last edited by tachi203#2942 on Jul 23, 2012, 1:44:04 PM