frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Leantime: Project management, built with ADHD, Autism, and dyslexia in mind

https://github.com/Leantime/leantime
1•nateb2022•1m ago•0 comments

I Bought the $3k Fitness Suit That Electrocutes You. I'm Sending It Back

https://www.404media.co/i-bought-the-3-000-fitness-suit-that-electrocutes-you-im-sending-it-back/
1•ValentineC•2m ago•1 comments

NASA's Hubble Discovers First of Star Cluster's Missing Black Holes

https://science.nasa.gov/missions/hubble/nasas-hubble-discovers-first-of-star-clusters-missing-bl...
2•Jimmc414•5m ago•0 comments

Economic Possibilities for our Grandchildren (1931)

https://fermatslibrary.com/s/economic-possibilities-for-our-grandchildren
1•mustaphah•11m ago•1 comments

In Federal Prisons, Some Guards Use Fear and Violence to Stifle Complaints

https://www.themarshallproject.org/2026/07/13/california-federal-prison-abuse
3•Jimmc414•12m ago•0 comments

Tab. – a public ledger for tracking money friends owe you

https://thetab.io
2•concentric•13m ago•1 comments

LAPD Regularly Pulled over Innocent People Plate Readers Flagged Cars as Stolen

https://www.404media.co/lapd-regularly-pulled-over-innocent-people-because-license-plate-readers-...
3•Jimmc414•13m ago•1 comments

Dressed to Kill: Fashion Throughout Bond Eras

https://dressed-to-kill.vercel.app/
2•atlasunshrugged•14m ago•1 comments

Musk's Starlink Socks Customers with $1500 'High Demand' Surcharge

https://www.techdirt.com/2026/07/13/musks-starlink-socks-customers-with-1500-high-demand-surcharge/
4•lemonberry•16m ago•0 comments

Ask HN: What are your personal websites?

3•basilikum•16m ago•1 comments

BYD surpasses Tesla in global race; 'do-or-die' crisis in China's market

https://www.scmp.com/business/china-evs/article/3359708/byd-surpasses-tesla-global-race-do-or-die...
3•breve•17m ago•0 comments

The pelican benchmark is doubtful, let's draw MacBook Pro in SVG. Is Fable best?

https://playcode.io/blog/macbook-svg-benchmark
2•ianberdin•18m ago•0 comments

ORA – AI coding agent that blocks its own commits if security scan fails

https://auremcto.com/
2•tjsandhu•21m ago•0 comments

Michigan says diarrhea outbreak may be linked to lettuce, salad greens

https://www.cnn.com/2026/07/13/health/cyclospora-parasite-diarrhea-outbreak-increase
3•Bender•21m ago•0 comments

Israel's Operation to Cultivate Ahmadinejad

https://www.nytimes.com/2026/07/13/us/politics/israel-mahmoud-ahmadinejad-iran.html
3•u1hcw9nx•22m ago•1 comments

Manifest Man

https://www.thenewcritic.com/p/manifest-man
2•ekluger•25m ago•0 comments

Lobste.rs is now running on SQLite

https://lobste.rs/s/ko1ji1
15•abetusk•30m ago•0 comments

Forgein – portable context layer for AI tools, native MCP server (MIT CLI)

https://app.forgein.ai
2•shadowmodder•31m ago•0 comments

Which Professional Credentials Actually Matter?

https://corvi.careers/blog/which-certifications-matter-by-job-family/
4•sp1982•35m ago•0 comments

What your dog's vet bill says about America's health care system (2016)

https://www.cbsnews.com/news/what-your-dogs-vet-bill-says-about-americas-healthcare/
2•paulpauper•36m ago•0 comments

The American suburbs are better than you think

https://www.noahpinion.blog/p/the-american-suburbs-are-better-than
5•paulpauper•36m ago•0 comments

Ask HN: How do you troubleshoot desktop Linux crashes/freezes?

2•Curiositry•40m ago•0 comments

Wyoming's 'Explosive Diarrhea' Cases Double, Linked to Travel Outside of U.S.

https://cowboystatedaily.com/2026/07/13/wyomings-explosive-diarrhea-cases-double-linked-to-travel...
5•Bender•41m ago•1 comments

Show HN: Nihonpost – I parsed Japan Post's KEN_ALL.CSV so you don't have to

https://github.com/Thiya11/nihonpost
3•kitsunechaos•46m ago•0 comments

Ask HN: AI Agent and harness containerization/security recommendations

2•dv35z•46m ago•0 comments

‘Asia's cleanest village’ bans tourists on Sundays

https://www.bbc.com/travel/article/20260625-why-asias-cleanest-village-bans-tourists-on-sundays
8•gmays•46m ago•1 comments

Trump Shrinks Grand Staircase-Escalante and Bears Ears National Monuments

https://www.sltrib.com/news/environment/2026/07/13/president-trump-shrinks-bears-ears/
4•almog•47m ago•0 comments

Four awful new privacy-eroding features from Meta in a month

https://manualdousuario.net/en/meta-instagram-ai-facial-recognition/
6•rpgbr•49m ago•0 comments

Show HN: I built a one-prompt hackathon platform, free entry, sponsored prizes

https://1shotchallenge.ai
6•lucasmartinic•51m ago•0 comments

" We care deeply about your privacy and respect customer choice"

https://twitter.com/spacexai/status/2076692402442846289
4•telotortium•53m ago•0 comments