frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Beyond Horizon analysis: Planet Labs – persistent friction

https://beyondhorizonforesight.substack.com/p/beyond-horizon-analysis-planet-labs
1•beyondhorizonfs•40s ago•0 comments

Testing Claude Sonnet 5's agentic claims

https://developer.puter.com/blog/claude-sonnet-5-puter-js/
1•reynaldi•3m ago•0 comments

How to Survive 3 Years in North Korea as a Foreigner

https://mydiplomaticlife.com/how-to-survive-3-years-in-north-korea-as-a-foreigner/
1•chipndale•5m ago•1 comments

A First Course in Causal Inference

https://arxiv.org/abs/2305.18793
1•Anon84•8m ago•0 comments

Why Major Tech Companies Are Investing in Video Streaming Architecture

https://www.forbes.com/councils/forbestechcouncil/2026/07/02/the-real-reason-major-tech-companies...
1•mondainx•10m ago•0 comments

Costco Is the Anti-Amazon

https://phenomenalworld.org/analysis/the-anti-amazon/
1•bookofjoe•11m ago•1 comments

The Inside Story Of Leverage Research 1.0

https://lydialaurenson.substack.com/p/the-inside-story-of-leverage-research
1•bluepeter•11m ago•0 comments

Factories Are Just Rooms

https://interconnected.org/home/2026/07/03/factories
1•arbesman•12m ago•0 comments

Agentic Symphony: Multi-Agent Collaboration for Emergent Musical Composition

https://www.youtube.com/watch?v=QMUXoImgTIA
1•dennisjoseph•12m ago•0 comments

PrivAiTe: Self-hosted proxy that redacts PII from LLM calls, incl. tool-calls

https://github.com/crp4222/PrivAiTe
1•crp4222•13m ago•0 comments

Another Side Project

https://myprolink.info/
1•mr_betamax•15m ago•0 comments

What we learned building a multi-agent PDF table extractor

https://unstract.com/blog/multi-agent-pdf-table-extraction/
1•naren87•15m ago•0 comments

America, 1926: What a Forgotten 100-Year-Old Report Says About Who We Are

https://www.derekthompson.org/p/america-1926-an-absurdly-deep-dive
1•momentmaker•17m ago•0 comments

Why are we still uploading PDFs just to compress them?

https://lumli.io/blog/pdf-compression-cloud-subscription-2026
1•lumli•18m ago•0 comments

Best Simple System for Now

https://dannorth.net/blog/best-simple-system-for-now/
2•daan-k•19m ago•0 comments

Show HN: AI latent space with overlapping manifolds

https://github.com/PJHkorea/Egregore/blob/main/integrated_egregore_core_test_v6_4.py
1•PJHkorea•20m ago•3 comments

The Honest SendGrid Inbound Parse Alternative – MailKite

https://mailkite.dev/blog/sendgrid-inbound-parse-alternative/
1•bucabay•21m ago•0 comments

Jamesob's guide to running SOTA LLMs locally

https://github.com/jamesob/local-llm
2•livestyle•22m ago•0 comments

It Still Can't Do My Job: Four Years of Moving Goalposts (2022–2026)

https://publicznyprofil.github.io/ai_cant_do_your_work/
11•mydreamof•23m ago•5 comments

The and Justice for All" Book Club

https://markmbello.substack.com/p/please-join-us-tomorrow
1•lawsuitllc•24m ago•0 comments

Battery startups see 'crazy' demand to smooth power surges in data centers

https://www.ft.com/content/55c10ef1-1589-47b2-9fa8-a2a04f5cf316
2•alephnerd•26m ago•0 comments

Dropway: Share LLM artifacts with your team

https://www.hugedomains.com/domain_profile.cfm?d=dropway.com
1•d_pang•27m ago•0 comments

Show HN: SigRank – Competitive Stat Screen and Operator Performance Evals O7

https://github.com/SunrisesIllNeverSee/sigrank-app
1•Burnmydays•28m ago•0 comments

Golden Paths Weren't Built for Agents

https://www.massdriver.cloud/blogs/golden-paths-werent-built-for-agents-part-1
1•mooreds•29m ago•0 comments

AI coding is addictive. Engineers are paying the price

https://leaddev.com/ai/ai-coding-is-addictive-engineers-are-paying-the-price
3•sefrost•31m ago•1 comments

Mistral vs. Claude on our onboarding: 4× faster, 30% cheaper

https://squidler.io/blog/eu-models-1-discovery-mistral
1•tidbeck•34m ago•0 comments

How Fighter Jets Lock on (and How the Targets Know) (2014)

https://gizmodo.com/how-fighter-jets-lock-on-and-how-the-targets-know-1644871272
3•downbad_•34m ago•2 comments

Give Smart People the Tools to Do Smart Things

https://superuserdone.com/posts/2026-07-03-give-smart-people-the-tools/
2•SuperUserDone•36m ago•0 comments

Well, the Steam Machine was pretty cool for the 20 minutes that it worked

https://old.reddit.com/r/steammachine/comments/1ulzo6a/well_the_steam_machine_was_pretty_cool_for...
1•HelloUsername•36m ago•0 comments

Pilot Shell: Spec-driven plans; enforced quality gates; persistent knowledge

https://github.com/maxritter/pilot-shell
1•sea-gold•36m ago•0 comments