frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

How to Be a Good open-source Maintainer

https://piechowski.io/post/how-to-be-a-good-open-source-maintainer/
1•grepsedawk•2m ago•0 comments

Show HN: Yaw – digital logbook for glider pilots

https://yawflight.com/
2•mantcz•3m ago•0 comments

Native-speed vLLM transformers modeling back end

https://huggingface.co/blog/native-speed-vllm-transformers-backend
1•simonpure•6m ago•0 comments

Google Vibe Coding vs. Agentic Engineering White Paper

https://www.kaggle.com/whitepaper-the-new-SDLC-with-vibe-coding
1•grepsedawk•7m ago•0 comments

Show HN: A tool that checks how your business appears in AI search

https://www.tryagentscore.com
1•nikhilsiyer•8m ago•0 comments

Every Way Meta Tracks You, and How to Stop It [video]

https://www.youtube.com/watch?v=Yv2Eb_kJous
1•nalekberov•11m ago•0 comments

DSS Code Prime

https://github.com/dailysoftwaresystems/dss-code-prime
2•rgasperetti•12m ago•0 comments

Are Argentina being treated favourably at World Cup?

https://www.bbc.co.uk/sport/football/articles/cx2wkwd7e6go
1•password54321•13m ago•0 comments

Show HN: Day planner shaped like a clock (2-way calendar and Todoist sync)

https://reassign.app
1•smuk3c•14m ago•0 comments

Adsb.fi

https://adsb.fi/
1•rolph•14m ago•0 comments

Lessons from the Vasa Shipwreck

https://www.ft.com/content/200a6c44-9b66-4af3-82eb-98acb53898e4
1•bookofjoe•16m ago•1 comments

'Acceleration without fuel:' superconducting thruster in first orbital test

https://www.space.com/technology/acceleration-without-fuel-revolutionary-superconducting-thruster...
1•breve•19m ago•1 comments

Remote sync, MCP, and an API for your Obsidian vault

https://github.com/8thpark/geode
2•pmihaylov•21m ago•0 comments

The neutral proof standard for consequential AI-agent actions

https://github.com/Actenon
1•Bucko1•24m ago•0 comments

How much and why ACA Marketplace premiums are going up in 2027

https://www.healthsystemtracker.org/brief/how-much-and-why-aca-marketplace-premiums-are-going-up-...
2•LostMyLogin•24m ago•0 comments

A Treatise on How to Use the Internet Without Committing Philosophical Suicide

https://pastebin.com/Ft7P5m9F
1•jxmorris12•29m ago•0 comments

North Korean Hackers Compromise Go and PHP Packages

https://opensourcemalware.com/blog/polinrider-jumps-the-fence
3•6mile•33m ago•1 comments

Rewriting Bun in Rust

https://bun.com/blog/bun-in-rust
37•afturner•33m ago•2 comments

Show HN: Screenstab (tilt-shift-style screenshots) is now free and open source

2•mikaelaast•35m ago•0 comments

CrowdSound: A Song Composed Anonymously by the Internet

https://web.archive.org/web/20191208165423/https://crowdsound.net/lyrics
2•Jomal_HN•38m ago•0 comments

Open Source Barware: free, local-first bar inventory software (GPLv3)

https://opensourcebarware.com
2•RichBJamison•40m ago•0 comments

Apple's AWDL causing periodic 90ms ping on LAN

https://twitter.com/tomaskafka/status/2074963014596366670
2•tomaskafka•42m ago•0 comments

Build Your World Cup Dream Team

https://7-0-game.com/
1•jeyzolo•43m ago•1 comments

More Workers Take Mental Health Leave, and Bosses Aren't Happy

https://www.bloomberg.com/news/articles/2026-07-08/mental-health-leave-is-rising-as-more-us-worke...
6•wslh•43m ago•3 comments

BitTorrent's disastrous, legendary, and controversial story

https://www.theverge.com/tech/959848/bittorrent-story-25-years-piracy
3•colinprince•45m ago•0 comments

Robust Secret Storage in Networks

https://arxiv.org/abs/2606.30261
1•Anon84•45m ago•0 comments

Show HN: Probed – Talk to your People. Customer chat, feedback, and roadmaps

https://probed.chat/
1•HeadOfProbing•45m ago•0 comments

Lucky young couple lands gig taking care of uninhabited Irish island

https://www.cbc.ca/lite/story/1.7477696
3•colinprince•46m ago•0 comments

Reframing smart glasses as 'pervert glasses'

https://this.weekinsecurity.com/reframing-smart-glasses-as-pervert-glasses/
8•g-b-r•46m ago•2 comments

Does the Recent SCOTUS Geofence Case Threaten Flock?

https://www.youtube.com/watch?v=R_fVvppq7rg
3•sbuttgereit•48m ago•1 comments