frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Software, from First Principles

https://fazamhd.com/mental-models/software/
1•faza•1m ago•0 comments

Show HN: Updated my landing page with Fable (retro pixel style)

https://www.tryguildly.com/
1•spiken23•1m ago•0 comments

Cadreen – memory, governance, self-healing, and execution as one system

1•ope_john•1m ago•0 comments

Best 3D Modeling Apps for iPad and Android (2026)

https://bambu3design.com/best-3d-modeling-apps-for-ipad-android-2026-create-3d-models-anywhere/
1•ehsanamel•3m ago•0 comments

You don't need Electron to build native apps in TypeScript [video]

https://www.youtube.com/watch?v=o5RDfAmzE7s
1•arbayi•4m ago•0 comments

AI First: How the Federal Government Is Prioritizing AI over People and Planet

https://stopgreedbuildgreen.climateandcommunity.org/posts/ai-first
2•eatox•8m ago•0 comments

Gaza's Children

https://gazaschildren.com/
4•abdelhousni•11m ago•2 comments

The Lost World (1925) [video]

https://archive.org/details/the.-lost.-world.-1925.1080p.-blu-ray.x-264-sadpanda
1•petethomas•12m ago•0 comments

New serious vulnerabilities spiked around release of Claude Mythos Preview

https://epoch.ai/data-insights/cve-severity-spike
1•cubefox•13m ago•0 comments

Show HN: Pulse v0.2.0

2•xerrs•14m ago•0 comments

AI inference is obviously profitable

https://www.seangoedecke.com/ai-inference-is-obviously-profitable/
1•emirb•15m ago•1 comments

Africans Are Turning to Starlink

https://www.economist.com/middle-east-and-africa/2026/07/02/africans-are-turning-to-starlink
6•bookofjoe•21m ago•1 comments

Ads in ChatGPT

https://ads.openai.com/
3•vlan121•21m ago•3 comments

RememberLI

https://github.com/KlausSchaefers/rememberli
1•klausschaefers•22m ago•0 comments

Special forces ban Volvo/Chinese electric cars over spying fears

https://www.telegraph.co.uk/news/2026/07/03/special-forces-bans-chinese-cars-spying-fears-volvo/
4•cwwc•22m ago•0 comments

Show HN: Mlx-serve – LLM inference server for Apple Silicon, written in Zig

https://mlxserve.com/
1•ddalcu•23m ago•1 comments

MiniKotlin – A Kotlin Compiler That Runs in a Browser Tab

https://minikotlin.run
1•TheWiggles•26m ago•0 comments

Show HN: ContextCodeCache in Rust

https://github.com/colwill/ccc
1•colwont•26m ago•0 comments

Show HN: Maestro – scaffold Go microservices and keep them in sync

https://github.com/Zagforge-Org/maestro
1•anzedev•26m ago•1 comments

Collabora Office 26.04 Keeps AI Optional and Refines Writer and Calc

https://itsfoss.com/news/collabora-office-26-04/
1•mmarian•28m ago•0 comments

Mistralai/Leanstral-1.5-119B-A6B

https://huggingface.co/mistralai/Leanstral-1.5-119B-A6B
2•satvikpendem•29m ago•0 comments

Meta AI chief says their coming LLM has caught up with OpenAI's flagship model

https://www.businessinsider.com/meta-ai-model-catches-up-openai-gpt-5-says-2026-7
2•maxloh•29m ago•0 comments

Sumit Rana to Step Away from Epic

https://www.healthcareittoday.com/2026/07/03/breaking-news-sumit-rana-to-step-away-from-epic/
1•Forge36•33m ago•0 comments

Ask HN: What did you fail at and what did you learn from it?

2•basilikum•33m ago•0 comments

Jj v0.43.0 Released

https://github.com/jj-vcs/jj/releases/tag/v0.43.0
1•birdculture•35m ago•0 comments

Camera with transparent display launches for the equivalent of $29

https://www.notebookcheck.net/Camera-with-transparent-display-launches-for-the-equivalent-of-29.1...
2•yread•35m ago•1 comments

Congressman says hack of his Signal account proves app is unsecure. Is it true?

https://san.com/cc/congressman-says-hack-of-his-signal-account-proves-app-is-unsecure-is-it-true/
3•devonnull•39m ago•1 comments

Show HN: How clanker are you? A reverse Turing test

https://howclankerareyou.com/
3•niklio•45m ago•1 comments

Ross Spiral Curriculum

https://spiral.ross.org/spiral/#/
1•el3ctron•47m ago•0 comments

Palantir and the NHS – things you need to know

https://theconversation.com/palantir-and-the-nhs-10-things-you-need-to-know-281165
1•abdelhousni•47m ago•1 comments