frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Anyone Mosh Coding Yet?

https://moshcoding.com
1•buffer_overlord•40s ago•0 comments

Why Industry 5.0 is more than AI-powered analytics

https://geekyants.com/blog/industry-40-built-visibility-industry-50-must-automate-decisions-says-...
1•Krishnaswaroop•2m ago•0 comments

Soaring 'McMansion' insurance prices create opening for commercial group

https://www.ft.com/content/e5c6684b-f401-405a-86f2-b5e96cb535a1
1•petethomas•4m ago•0 comments

Bayeux Tapestry delivered to British Museum in dead of night

https://www.bbc.co.uk/news/articles/cly9r54e5r4o
1•zeristor•4m ago•0 comments

Elvebredd for iOS

https://apps.apple.com/us/app/elvebredd/id6760745063
1•klausmikelson•6m ago•0 comments

The Feel-Good Story of the World Cup Is Too Good to Be True

https://www.theatlantic.com/technology/2026/06/world-cup-tourists-america/687572/
1•mmooss•7m ago•0 comments

Promising inference software, written in Zig

https://zml.ai/posts/llmd/
1•sachamorard•11m ago•0 comments

Turn off this Meta setting before someone generates AI images of you

https://www.malwarebytes.com/blog/ai/2026/07/turn-off-this-meta-setting-before-someone-generates-...
1•taubek•14m ago•0 comments

TinyToT – Tree of Thoughts Inference Server

https://github.com/guilt/TinyToT
1•vkaku•14m ago•1 comments

AI subscriptions cut quotas and raised prices in early 2026

https://wellstsai.com/en/post/ai-subscription-shakeout-2026-claude/
1•Tint6666•16m ago•0 comments

Reuters World News Podcast

https://www.reuters.com/podcasts/reuters-world-news/
1•gurjeet•17m ago•0 comments

China's provinces asked to bail out risk-fraught regional banks

https://www.chinabankingnews.com/p/chinas-provinces-asked-to-bail-out
2•andsoitis•28m ago•0 comments

Publishers Are Preparing to Opt Out of Google Search

https://www.adweek.com/media/publishers-opt-out-google-search/
5•giuliomagnifico•31m ago•0 comments

Lisp as the Maxwell's Equations of Software

https://michaelnielsen.org/ddi/lisp-as-the-maxwells-equations-of-software/
13•andsoitis•31m ago•1 comments

Experiment with tiny quantum universe: time 'arises' from changes in disorder

https://www.sciencedaily.com/releases/2026/07/260709160632.htm
1•alok-g•32m ago•1 comments

Neuralwatt Doubling the Price

https://portal.neuralwatt.com/pricing
2•MehrdadKhnzd•33m ago•0 comments

The great AI data centre cover-up

https://www.ft.com/content/7800ba0f-1420-49fe-b260-9838632a19a4
2•1vuio0pswjnm7•41m ago•1 comments

AI Investors Buying Accounting Companies and Force Them to Use OpenAI [video]

https://www.youtube.com/watch?v=2dp98vEGWq0
2•xbmcuser•44m ago•0 comments

Zeno's Paradox and Infinite Sums – Lectures on Infinity (Lecture 1) [video]

https://www.youtube.com/watch?v=4Y9p0yp8Mow
2•FillMaths•46m ago•0 comments

Italy privacy watchdog fines Character.ai owner over age-check failures

https://www.reuters.com/business/italy-privacy-watchdog-fines-characterai-owner-over-age-check-fa...
1•1vuio0pswjnm7•46m ago•0 comments

Hypeplan: Turn plans into terminal keynote speeches

https://github.com/martinrue/hypeplan
1•afisxisto•46m ago•1 comments

Semantic Fingerprinting Made Easy

https://github.com/thorwhalen/guise
1•ankitg12•54m ago•0 comments

Show HN: Zero2Robot – free, open source interactive textbook for robot learning

https://zero2robot.com/
1•kaushikbokka•55m ago•0 comments

Ask HN: Recommend a Local LLM Setup (M2 Max, 9GB)

1•balivandi•57m ago•0 comments

Show HN: Short SciFi/Fantasy Index

https://quasar.fyi/
1•FifthRocket•58m ago•1 comments

Ask HN: How do I get immoral AI?

2•nasaok•58m ago•1 comments

Best Job Oriented Courses in India: Guide, Rules and Benefits

https://www.smfgindiacredit.com/knowledge-center/best-job-oriented-courses-in-india.aspx
1•saumyaraut11•1h ago•0 comments

Show HN: World Clock with Twilight/Night Overlayed on Map

http://nixon-development.com/worldclock/
1•plun9•1h ago•0 comments

Ukraine's Drones Are Now Reaching Siberia and Imperiling Russian Energy Assets

https://www.wsj.com/world/ukraines-drones-are-now-reaching-siberia-and-imperiling-russian-energy-...
2•JumpCrisscross•1h ago•0 comments

Tech volatility hits highest since dot-com bust next to S&P 500

https://fortune.com/2026/07/07/tech-volatility-hits-highest-since-dot-com-bust-sp-500/
2•1vuio0pswjnm7•1h ago•0 comments