Kaspersky Secure Password Check

[NYJimbo]

How long would it take for your password to be cracked?

https://blog.kaspersky.com/password-check/

I think this site assumes you would not be locked out or rate limited on failed attempts.

 

[OaksLabs]

The password "The quick brown fox jumps over the lazy dog!" seems to do well in these types of things, despite not having any numbers, special characters, or even a mention that it is all dictionary words.

However, a tool like this would be good to educate end users about how robots break into accounts that don't have lockouts.

 

[mraikes]

That's fun. It says an old password I once used consisting of 6 letters and 2 numbers (formatted like: "aaaaaa11") would be cracked in 8 days. I dumped that one long ago because I thought it too simple.

But had I added just one space between the letters and numbers (like: "aaaaaa 11") it jumps to 41 years." Adding two consecutive spaces ("aaaaaa 11") gives me 2,800 years. Makes me want to go back to a simpler password and just throw in a couple spaces!

 

[OaksLabs]

So to introduce a quick and dirty way of doing the calculation:

In the standard QWERTY keyboard, you have about 94 unique characters. In a password, the order of the characters matters, so it is a permutation (mathematically). Thus, a loose way to calculate it is to take the number of characters in your password (10 with "aaaaaa 11") and raise 94 to that power (because independent occurrences are multiplied in probability).

So 94^10 = 53861511409489970176. This is the maximum number of 10 character passwords from the standard 94 character QWERTY set.

The speculative part comes in with how fast a computer could try all those combinations. Some calculators use a dual core workstation when projecting the estimated time, others use a super computer.

 

[Davena]

14 centuries with mine. LOL

 

[cypress]

Damn 2 days!? I put some basic stuff in there.

 

[Gavin]

I know this thread was last updated 6 months ago, but I only found this forum and the kaspersky checker today. They seemed to have updated the page; the passwords above (including ) now claim to be crackable in under 7 seconds (rather than 41 years):

"aaaaaa 11" : "Your password will be bruteforced with an average home computer in approximately 5 SECONDS"

Maybe home pcs have gone quantum in the last six months.

They're obviously using a dictionary lookup as part of the algorithm. "salt&pepper" takes 7 minutes, but "salt&pepp" takes 28 days.

Any idea how one can reproduce these results? I'd love to test a password cracker on my home pc that can find "salt&pepper" in 7 minutes.

 

[Daifne]

One of my main ones is 5 centuries, but the other is over 10,000 centuries.

 

[JoeTech]

It is interesting that you a password up to 1234567891011 takes one second to crack. then up to 1-15 takes 21 days 1-17 takes 2 years, but 1-18 would take 63 years. Surely a criminal or government would be able to crack it much faster since they wouldn't be using average pc's but surprised to jump from 17 to 18 is so big.

 

[MDD1963]

10,000 centuries....?

 

[Larry Sabo]

889 centuries, using the algorithm I use for generating site-specific passwords.

 

[Daifne]

10,000 centuries....?

Yup. That's what the site told me.

 

[ComputerRepairTech]

Calculations don't make much sense to me, not sure how they think brute forcing is done.