frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Show HN: Mochi Analytics

https://www.mochianalytics.com
1•devtanna•1m ago•0 comments

Ask HN: Do you like your AI more than your coworker?

1•general_reveal•1m ago•0 comments

In the Weights

https://intheweights.com
1•dash2•3m ago•0 comments

Bounding the Blast Radius: A Survey of Prompt-Injection Defenses for LLM Agents

https://fabraix.com/blog/nobody-has-solved-prompt-injection
1•ibrahim_abdu777•4m ago•0 comments

What Happens When AI Agents Can Pay Their Own Bills

https://self-sovereign-agent.github.io/
1•_pdp_•9m ago•0 comments

Higher blood glucose levels linked to faster brain aging

https://medicalxpress.com/news/2026-07-higher-blood-glucose-linked-faster.html
1•XzetaU8•10m ago•0 comments

Supply Chain Attack Campaign PolinRider

https://socket.dev/supply-chain-attacks/polinrider
1•_____k•10m ago•0 comments

Poll: Is there an AI bubble?

1•networked•11m ago•0 comments

Generative AI without guardrail can harm learning:Evidence from high school math

https://www.pnas.org/doi/10.1073/pnas.2422633122
1•teleforce•12m ago•0 comments

Tribe in Colorado brings utility scale solar project online

https://www.npr.org/2026/07/06/nx-s1-5779756/despite-stiff-political-headwinds-tribe-in-colorado-...
2•geox•16m ago•0 comments

Claude Code deletes conversations after 30 days

1•mieubrisse•17m ago•0 comments

Adding Homemade TLS to a Homemade Web Server

https://www.dmytrohuz.com/p/adding-homemade-tls-to-a-homemade
1•dmyhuz•22m ago•0 comments

Euclid scientists discover most distant known quasars

https://www.euclid-ec.org/most-distant-quasars/
1•robin_reala•22m ago•0 comments

Ask HN: What is your go-to prompt to prove AI can be wrong?

1•throwaway_887•25m ago•0 comments

Ask HN: Do you guys struggle with finding a right person for your FDE role?

1•getelementbyiq•32m ago•0 comments

Experts offer advice on performing endurance events in excessive heat

https://news.northeastern.edu/2026/07/02/cycling-in-extreme-heat-tour-de-france/
1•ano-ther•33m ago•0 comments

Read Rust Like a Chinese Character

https://dawaba.pages.dev/writing/sometimes-read-rust-like-a-chinese-character/
1•saint-evan•34m ago•1 comments

A Self-Improving Code World Model Agent

https://jdsemrau.substack.com/p/a-self-improving-code-world-model
1•ph4rsikal•37m ago•0 comments

Show HN: Kiwi – Run agentic dev loops in the cloud, keep keys on your laptop

https://github.com/ibreakthecloud/kiwi
1•harshvkarn•38m ago•0 comments

Plex debuts 5-year membership pass for $250

https://arstechnica.com/gadgets/2026/07/250-used-to-get-you-a-lifetime-plex-pass-now-you-get-a-fi...
1•AndrewDucker•38m ago•0 comments

Australia prosecuting Amazon for unilaterally modifying Prime terms [video]

https://www.youtube.com/watch?v=DV2-GLJ2FnM
1•dataflow•41m ago•1 comments

Show HN: I built notion database based no code form builder

https://ndbforms.myurll.in/
1•nookeshkarri7•41m ago•0 comments

The Hitchhiker's Guide to Agentic AI

https://arxiv.org/abs/2606.24937
2•jonbaer•41m ago•0 comments

Show HN: TV Time to Serializd Importer

https://chromewebstore.google.com/detail/tv-time-→-serializd-impor/cpcfkgcidilfibakiaohbekkanlk...
1•Gooblebrai•42m ago•0 comments

your competitor is 10x better than you

https://www.mentionedby.world/
2•aykhanstoic•45m ago•1 comments

What else happened in 1776 [video]

https://www.youtube.com/watch?v=nGMCowI4exk
1•iansteyn•46m ago•0 comments

Venice AI becomes a unicorn with its privacy-first AI platform takes off

https://techcrunch.com/2026/07/01/venice-ai-becomes-a-unicorn-with-65m-series-a-as-its-privacy-fi...
2•felixdoerp•48m ago•0 comments

China fires ballistic missile into Pacific nuclear-free zone

https://www.ft.com/content/c52f0a98-2e6a-4acc-a668-d4ce442c4aba
2•cwwc•50m ago•0 comments

Roll your own file-based router in under 50 lines of code

https://wasp.sh/blog/2026/07/01/roll-your-own-file-based-router
1•cprecioso•51m ago•0 comments

Who Survives Europe's Energy Crisis?

https://themerchantsnews.substack.com/p/who-survives-europes-energy-crisis
4•felixdoerp•52m ago•0 comments