Hi. On Tue, Nov 13, 2018 at 08:23:13AM -0800, pe...@easthope.ca wrote: > Hi, > > https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_good_password > specifies "6 to 8 characters". Is that adequate against currently available > brute force?
$ hashcat --session 6to8 -m1800 /tmp/hash -a3 ?a?a?a?a?a?a hashcat (v4.2.1) starting... OpenCL Platform #1: NVIDIA Corporation ====================================== * Device #1: GeForce GTX 1060 3GB, 753/3013 MB allocatable, 9MCU ... Session..........: 6to8 Status...........: Running Hash.Type........: sha512crypt $6$, SHA512 (Unix) Hash.Target......: $6$... ... Time.Estimated...: Tue Aug 11 17:56:28 2020 (1 year, 271 days) Guess.Mask.......: ?a?a?a?a?a?a [6] $ hashcat --session 6to8 -m1800 /tmp/hash -a3 ?a?a?a?a?a?a?a?a ... Session..........: 6to8 Status...........: Running Hash.Type........: sha512crypt $6$, SHA512 (Unix) Hash.Target......: $6$... ... Time.Estimated...: Next Big Bang (15988 years, 0 days) Guess.Mask.......: ?a?a?a?a?a?a?a?a [8] So, 6 characters is somewhat low (that GPU is outdated by today's standards). 8 characters seem ok. Reco
