Once passwords are hashed, (and no one stores unhashed passwords right!), the stored hashes all end up the same length regardless of the length of the input. So any reduction in the possibilities just makes things quicker. And quicker, just means cheaper...

Here we have a (single) gpu cracking 8-character hashed (NTLM) passwords that would take 1 year using a fast cpu, in 18 hours. At a rate of 3.334 billion passwords per second!

Here we have clusterable twin-GPU AWS instances for $2.10 per hour. So for less that $20 you can crack 8-char passwords, from their hashes in an hour.

And the proof it's possible: German 'hacker' uses rented computing to crack hashing algorithm - Brute force PAYG hack attack cracks SHA1 hashes – for $2

The only effective defence is increasing the possibilities.

With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
"Science is about questioning the status quo. Questioning authority".
In the absence of evidence, opinion is indistinguishable from prejudice.

The start of some sanity?

In reply to Re^5: Password strength calculation by BrowserUk
in thread Password strength calculation by cavac

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.