Jump to content

Password Generation


Recommended Posts

For everyone who uses a password manager, this might be a good extension for you to try. After doing a bit of research, I found that most hash cracking software can not crack passwords over 125 characters. While a 125 character password is extremely strong, 126 makes it so hash cracking software must be modified(which can be a pain as I found after helping patch John the Ripper). I was sad to see that password managers don't have the option to create passwords that large(for the most part), so I decided to create a simple Chrome extension to generate passwords at a variable length, with focus on massive passwords.

Here's a link: https://chrome.google.com/webstore/detail/bwallhatestwits-password/gocfgmeinifgmkhjkdmfjolfmpfpfnbg

Feel free to send any questions/comments my way.

Link to comment
Share on other sites

An interesting question is how increasing the length of a password affects the probability of their being a collision with a shorter length password. After all a password of 2000 characters is no use if the same hash is generated by one of 5 characters.

Link to comment
Share on other sites

  • 2 weeks later...

Can't really account for collisions, especially since it depends on what hashing method is employed by the web server. Also, different salts can rule out predictable collisions.

if hash(pass1 + salt1) == hash(pass2 + salt1): hash(pass1 + salt2) != hash(pass2 + salt2)

Link to comment
Share on other sites

But if you are cracking password hashes then you already have the hash and the salt and you are just searching for a password when hashed with the known salt produces the hash. Thus the strength of a password in this case isn't the length of the actual password used to generate the hash but the length of the shortest password that will generate the same hash.

Having said that, as you probably won't actually have your password hash for many systems you are still better to go for a longer password (that way there is only a chance of a shorter password produces a collision with your hash, if you pick a short password then there definitely is a short password that can be found when cracking the hash).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...