frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Show HN: Dejavu, stop showing coding agents the same command output twice

https://github.com/Salnika/dejavu
1•salnika•3m ago•0 comments

Libc Is Everywhere

https://lemmy.ml/post/49745317
1•tracyspacy•4m ago•0 comments

Powerful and Achievable Ways to Disempower the Police State Through State Law

https://cmarmitage.substack.com/p/powerful-and-achievable-ways-to-disempower
1•JumpCrisscross•5m ago•0 comments

MIRA: Multiplayer Interactive World Models with Representation Autoencoders

https://github.com/mira-wm/mira
1•bogdiyan•6m ago•0 comments

1099 threshold 2026: now $2k, not $600

https://taliivue.com/blog/1099-threshold-2026/
1•speckx•7m ago•0 comments

Ask HN: Fable Thread (July 12th Edition)

2•andai•8m ago•1 comments

Software Ownership Is Rotting. Can We Archive It?

https://philipp.substack.com/p/software-ownership-is-rotting-can
1•_1tan•8m ago•1 comments

Terminator 2: Judgment Day Got a Glow Up and Is Heading Back to the Big Screen

https://reactormag.com/terminator-2-judgment-day-theater-release-tickets-dates/
1•mooreds•10m ago•0 comments

Ask HN: If AI makes building trivial, what's the advantage for a SaaS in 2026?

https://kasspian.com/guides/is-saas-dead-in-the-age-of-ai
1•izhonline•10m ago•0 comments

Show HN: CLRK, an open-source agent runtime with gVisor and MitM guardrails

https://github.com/apoxy-dev/clrk
1•dilyevsky•15m ago•0 comments

Creative Directing AI Built SaaS, as a Service

https://www.hyoomn.com/?ai
1•krm01•16m ago•0 comments

A full server/agent management tool for iPhone

https://apps.apple.com/fr/app/onepilot-ssh-shell-terminal/id6759485908
2•Sofiane_8910•17m ago•0 comments

Neuronpedia, an open source platform for AI interpretability

https://www.neuronpedia.org/
1•rzk•18m ago•0 comments

Quit trying to keep up with every new AI tool and keep building

https://www.dynatrace.com/news/blog/quit-trying-to-keep-up-with-every-new-ai-tool-and-keep-building/
1•mooreds•18m ago•0 comments

Show HN: DataGridXL v3, High Performance Excel-Like Data Grid

https://datagridxl.com
1•robbiejs•20m ago•0 comments

Abnormal.ai Response to Anthropic Lawsuit

https://abnormal.ai/blog/abnormal-response-to-anthropic-lawsuit
1•babelfish•20m ago•0 comments

I built a tiny proxy that gives GLM 5.2 vision (or any text LLM) – MIT

https://github.com/thomasunise/visionbridge
2•thomasunise•23m ago•0 comments

Show HN: Q a REPL for LLM inside the terminal

https://github.com/alaa-alawi/q
1•alaaalawi•23m ago•0 comments

Code is overpaying for AI. /tokendiet finds where

https://tokendiet.dev/
1•eMoka•23m ago•2 comments

A New Foundation for Tuxedo OS: Switching to Debian

https://www.tuxedocomputers.com/en/A-new-foundation-for-TUXEDO-OS-Switching-to-Debian.tuxedo
2•DavideNL•23m ago•0 comments

Sets up your AI agent for Cloudflare

https://developers.cloudflare.com/agent-setup/prompt.md
1•gurjeet•24m ago•0 comments

Hudson News self-checkout terminals add 3% "employee benefit" surcharge in NY

https://twitter.com/_ZachGriff/status/2074538643465683065
2•ilamont•24m ago•1 comments

Ask HN: Google's chilling effects on expressing democratic dissent

1•terabytest•24m ago•0 comments

Squish, a local LLM inference server for Apple Silicon

https://squish.run/blog/local-llm-fast-enough/
1•wscholl•25m ago•0 comments

Doing front end changes via LLMs is pain in the a*

https://github.com/mi60dev/visionaire-engine
1•mishonyAI•26m ago•1 comments

Show HN: Xls-reader – read legacy .xls in the browser, no upload, zero deps

https://zanlucathiago.github.io/xls-reader/demo.html
1•thiagozanluca•26m ago•0 comments

Proximity to Golf Courses and Risk of Parkinson Disease

https://jamanetwork.com/journals/jamanetworkopen/fullarticle/2833716
2•bookofjoe•27m ago•0 comments

AI Neovim

https://github.com/s2xon/aeovim/
1•s2xon•28m ago•1 comments

Show HN: Last EHR – AI agent over a FHIR back end with human approval on writes

https://www.lastehr.com
1•betzsoftware•30m ago•0 comments

Muse Image and Muse Video

https://ai.meta.com/blog/introducing-muse-image-muse-video-msl/?_fb_noscript=1
2•surprisetalk•30m ago•0 comments