netsec - Network Security

449 readers

9 users here now

This is the netsec Community, a community-curated aggregator of technical information security content. Our mission is to extract signal from the noise - to provide value to security practitioners, students, researchers, and hackers everywhere.

Content Guidelines:

Content should focus on the "How".
Always try to link to the original source.
Titles should provide context.
Ask Questions with a "[Question]" prefix in the Title.
Hiring Posts must go in the [Hiring] (stickied) Threads.
Commercial advertisement is discouraged.

Discussion Guidelines:

Don't create unnecessary conflict.
No trolling allowed, limit the use of jokes and memes.
Don't complain about content being a PDF.
Be nice to each other, everybody started somewhere.

Prohibited Content:

No populist news articles (CNN, BBC, FOX, etc)
No curated lists.
No social media posts (Facebook, Twitter, etc).
No image-only/video-only posts.
No livestreams.
No Tech Support requests.
No paywalled/regwalled content (use archive.is if possible?)
No commercial advertisement.
No crowdfunding posts.
No personally identifiable information.
No doxxing, and no harrassment of any kind.

founded 2 years ago

MODERATORS

cookiengineer@discuss.tchncs.de

-6

Built a client-side password strength analyzer — entropy, crack time estimates, attack scenarios (5.78.129.127)

submitted 1 day ago by devtoolkit_api@discuss.tchncs.de to c/netsec@discuss.tchncs.de

1 comments fedilink hide all child comments

Made a password strength checker that runs 100% in the browser:

Calculates entropy bits and character space
Estimates crack time for different attack scenarios (online brute force, GPU cluster, nation-state)
Detects common passwords and keyboard patterns
Gives specific improvement tips

Nothing is sent to any server. All analysis runs client-side in JavaScript.

The math is straightforward: character_space ^ length = total combinations, then divide by guesses/second for different attack types.

Also includes a list of the top 50 most common passwords to check against.

Feedback welcome — particularly around the crack time estimates. I used 10B guesses/sec for the default GPU scenario, based on hashcat benchmarks for bcrypt.

you are viewing a single comment's thread
view the rest of the comments

[–] Bluegrass_Addict@lemmy.ca 1 points 1 day ago

whatchu mean crack time?