frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Telstra outage blamed on known bug in obsolete server

https://ia.acs.org.au/article/2026/telstra-outage-blamed-on-known-bug-in-obsolete-server.html
1•shakna•4m ago•0 comments

We don't let the LLM decide what's clinically allowed

https://www.hamo.ai/blog/taking-the-clinical-decision-out-of-the-llm/
1•chrischengzh•5m ago•0 comments

Trust but Verify? Uncovering the Security Debt of Autonomous Coding Agents

https://arxiv.org/abs/2607.12428
1•Timofeibu•7m ago•0 comments

Xtree Fan Page

https://www.xtreefanpage.org/
1•razodactyl•7m ago•0 comments

Google and Epic stop fighting – third-party Android app stores coming next week

https://www.theverge.com/policy/965792/google-epic-withdraw-injunction-third-party-app-stores-com...
1•OuterVale•11m ago•0 comments

Show HN: I open-sourced the portal I built for a client's vibe-coded apps

https://github.com/menagerai/menagerai
1•tipani•13m ago•1 comments

Threading the AI in the UI for a personal app

https://millfolio.app/blog/millwright-ui-layers/
1•winding•15m ago•0 comments

Colombian Public School Reaches Top in Best School Prizes 2026

https://colombiaone.com/2026/07/13/colombian-public-school-reaches-top-10-in-worlds-best-school-p...
1•thunderbong•17m ago•0 comments

Poland begins construction of €2.3B deepwater port on Baltic coast

https://notesfrompoland.com/2026/07/14/poland-begins-construction-of-e2-3bn-deepwater-port-on-bal...
1•cromka•17m ago•0 comments

Is this the end of the once-mighty GoPro?

https://amateurphotographer.com/latest/photo-news/going-going-gone-is-this-the-end-of-the-once-mi...
1•aanet•21m ago•1 comments

Using One Agent Across Multiple Machines

https://syncless.ai/articles/let-syncless-across-your-environments
1•mountainview•22m ago•0 comments

The Matter of Taste(2018)

https://www.callum.website/the-matter-of-taste
1•num42•31m ago•0 comments

AgentCall – turn any coding agent into a live meeting participant

https://agentcall.dev
3•Marium_zehra•31m ago•0 comments

From Sawdust to Paw Patrol: The Spin Master Story (With Ronnen Harary) [audio]

https://www.econtalk.org/from-sawdust-to-paw-patrol-the-spin-master-story-with-ronnen-harary/
1•mooreds•32m ago•0 comments

Stripe, Advent offer to buy PayPal for more than $53B

https://www.reuters.com/business/finance/stripe-advent-offer-buy-paypal-more-than-53-billion-sour...
8•rvz•35m ago•3 comments

Atto Primo Oh God Opera Song

https://open.spotify.com/album/7DTggs1Cj2YcOmuJUWjjM4
1•mjbachhav•35m ago•0 comments

Show HN: GWZ – Git Workspace Zone (multi-repo that feels like plain Git)

2•owebeeone•39m ago•0 comments

The great flattening – article on Vorflux (launched by Rippling co-founder)

https://twitter.com/myprasanna/status/2077065557204222238
1•vardhanw•40m ago•1 comments

Sunburn Calculator

https://sunburntimer.com/
2•ckcheng•40m ago•0 comments

Make any winning ad yours

https://trykopykat.com/
1•justinbuilds•41m ago•1 comments

Our Company Was Worth $6B. We Shared Passwords over Slack

https://www.cerby.com/blog/our-company-was-worth-6-billion.-we-shared-passwords-over-slack
1•mooreds•42m ago•0 comments

Mr. Putin, where is the gas?

https://kyivindependent.com/mr-putin-where-is-the-gas/
1•dotcoma•48m ago•0 comments

Cell Just Changed Biology

https://www.youtube.com/watch?v=g9B3gBhcwqM
1•soupspaces•49m ago•0 comments

Data Showing Palantir's Positive Impact on NHS Riddled with Errors

https://novaramedia.com/2026/07/13/data-showing-palantirs-positive-impact-on-nhs-riddled-with-err...
4•notRobot•50m ago•1 comments

Mako: A Self-Evolving Agentic Operating System for Autonomous Web Exploitation

https://arxiv.org/abs/2607.11288
1•praneethn•50m ago•0 comments

Google Images is getting a visual refresh as it turns 25

https://www.neowin.net/news/google-images-is-getting-a-visual-refresh-as-it-turns-25/
1•bundie•53m ago•1 comments

CoreWeave considers derivatives to hedge against falling memory prices

https://finance.yahoo.com/markets/options/articles/exclusive-ai-cloud-company-coreweave-235016062...
1•mapping365•54m ago•0 comments

Flap Display//SF Ferries

https://www.chloeyan.me/ferry
1•audreyfei•1h ago•0 comments

I thought I had a good homelab

https://humanparadox.org/i-thought-i-had-a-good-homelab/
1•colingauvin•1h ago•0 comments

Can't English be considered an indigenous Indian language, asks Supreme Court

https://www.thehindu.com/news/national/cant-english-be-considered-an-indigenous-indian-language-a...
2•thisislife2•1h ago•1 comments