frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

No Boss, No Money: The Raw Reality of China's Gen-Z Freelancers [video]

https://www.youtube.com/watch?v=eJZFUEQebbI
1•binyu•50s ago•0 comments

The OpenClaw Foundation

https://openclaw.ai/blog/introducing-openclaw-foundation
1•hrudolph•7m ago•0 comments

OpenAI's No. 2 Executive to Step Down in Latest Leadership Shake-Up

https://www.wsj.com/tech/openai-top-executive-fidji-simo-to-step-down-c3daca47
1•impish9208•9m ago•1 comments

28-Hour Day App

https://apps.apple.com/us/app/28-hour-day/id6752815000
2•28HourDev•12m ago•1 comments

Disney is exploring adding a free tier to Disney+ as YouTube draws TV viewers

https://www.businessinsider.com/disney-discusses-free-tier-viewers-youtube-2026-7
2•petethomas•16m ago•1 comments

Robots falling in love, DocSend reimagined, Wonder about net worth

https://www.marginpoints.com/issues/2026-07-08-ai-fundraising-agents-docsend-2026-wonder
1•historian1066•17m ago•0 comments

LA Metro: Ambient music played by live Los Angeles Metro data

https://metromusic.weisswideweb.com/
1•gnat•17m ago•1 comments

Federal Reserve announces leadership of its task forces for monetary policy

https://www.federalreserve.gov/newsevents/pressreleases/monetary20260709a.htm
2•petethomas•18m ago•0 comments

New ChatGPT desktop app combines Chat, Work, and Codex

https://help.openai.com/en/articles/20001276-moving-to-the-new-chatgpt-desktop-app
1•luckman212•19m ago•1 comments

Google pays $250K for Linux vulnerability, allowing guest VM escapes

https://arstechnica.com/security/2026/07/high-severity-guest-vm-escape-is-1-of-2-linux-vulnerabil...
1•redbell•19m ago•0 comments

RootMap – browse your photos by where you took them (free, local)"

https://apps.microsoft.com/detail/9nspfkjjx18s?hl=en-US&gl=US
1•StuMarkSez•23m ago•0 comments

Managed Agents by OpenComputer

https://www.managedagents.sh/
2•handfuloflight•27m ago•0 comments

Ask HN: Did Google give up in the AI Race?

4•franze•34m ago•8 comments

SensorFM: Towards a general intelligence and interface for wearable health data

https://research.google/blog/sensorfm-towards-a-general-intelligence-and-interface-for-wearable-h...
1•simonpure•34m ago•0 comments

GPT 5.6 Sol tops DeepSWE at 76% at 61% less cost than Fable

https://deepswe.datacurve.ai/
1•handfuloflight•37m ago•0 comments

Show HN: Context-aware AI social workspace to learn math

https://www.prooftree.ai
1•lemma1729•37m ago•0 comments

Rise of the Gen-Z Luddite

https://economist.com/united-states/2026/07/09/rise-of-the-gen-z-luddite
2•burntcaramel•39m ago•0 comments

What Is a Buffer? Bits/Bytes, Hex, Encoding, and TypedArray Memory

https://www.thenodebook.com/buffers/what-is-buffer
1•isht_0x37•39m ago•0 comments

The Thermodynamic Cost of Privacy

https://elma.dev/engineering/thermodynamic-cost-of-privacy
2•elmsec•40m ago•0 comments

Ignored Immune Upgrade [video]

https://www.youtube.com/watch?v=VF3RHOFC354
1•Bender•49m ago•0 comments

Cops Say Waymo Snitched on Teens for Allegedly Drinking and Shooting a Toy Gun

https://www.404media.co/waymo-called-police-on-teens-san-mateo/
5•Cider9986•50m ago•1 comments

Delsarte System of Dramatic Expression (1886)

https://publicdomainreview.org/collection/delsarte-system/
2•tylerdane•52m ago•2 comments

Get features faster with Chrome's two-week release cycle

https://developer.chrome.com/blog/chrome-two-week-release
1•Cider9986•52m ago•0 comments

Show HN: BastionRoute – A zero trust network access with zero inbound ports

https://github.com/klauscam/BastionRoute
1•tuta88•52m ago•1 comments

RegTech/Fintech Factory – Help Me

https://homeofficeosllc.com/
1•ervis441•54m ago•0 comments

QuerySelector Immediate Children With:Scope

https://siderite.dev/blog/queryselector-immediate-children-with-scope
1•gslin•55m ago•0 comments

A clean Full Screen Clock Online for any device –PC, laptop, tablet, or mobile

https://citytime.io/fullscreen-clock
3•rajkverma123•1h ago•0 comments

Graduating without a thesis: meet the people getting 'practical' PhDs in China

https://www.nature.com/articles/d41586-026-01242-z
1•sohkamyung•1h ago•0 comments

Fable is SOTA at CIFAR Speedrun: lessons on AI R&D automation

https://fulcrum.inc/2026/07/09/fable-cifar-speedrun.html
3•etherio•1h ago•0 comments

Gates Heir's Shopping App Took Credit for Sales It Didn't Drive

https://www.bloomberg.com/news/articles/2026-07-09/gates-heir-s-shopping-app-took-credit-for-sale...
4•toomuchtodo•1h ago•1 comments