frontpage.
newsnewestaskshowjobs

Open Source @Github

fp.

Open in hackernews

Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•1y ago

Comments

kemotep•1y ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.

Green is a Clojure library for building idempotent DevOps CLIs

https://github.com/amiorin/green
1•amiorin•47s ago•0 comments

Missouri declares state of emergency after life-threatening flash floods [video]

https://www.youtube.com/watch?v=yzx-XelvnMg
1•Bender•1m ago•0 comments

Red is a TypeScript/Bun library for building idempotent DevOps CLIs

https://github.com/amiorin/red
1•amiorin•1m ago•0 comments

Show HN: I made Claude explain like I'm 5, and AI fatigue disappeared

https://github.com/amebahead/explain-like-iam-five-rules
1•amebahead•3m ago•0 comments

OpenAI and Google sell AI models to blacklisted China groups

https://www.ft.com/content/5d6aafa1-5d47-4585-aa95-6ec06a6cd20f
2•1vuio0pswjnm7•5m ago•0 comments

Show HN: Rilavek – Stream FTP/SFTP/TUS uploads straight to S3, no disk buffer

https://rilavek.com
1•rilavek•10m ago•0 comments

DeepSeek-AI/DeepSeek-v3.2

https://huggingbay.xyz/artifact/hf-model-deepseek-ai-deepseek-v3-2
1•ASHOKGOUDK•10m ago•0 comments

Yiddish resource for elements of chaldean neo-aramaic and Biblical aramaic (1911

https://archive.org/details/nybc211294
1•marysminefnuf•10m ago•0 comments

Gilbert Strang Joins Anthropic

https://twitter.com/GilStrangMIT/status/2075666580990464489
1•elzed•11m ago•0 comments

Parsoid

https://www.mediawiki.org/wiki/Parsoid
2•debo_•13m ago•0 comments

What Every Python Developer Should Know About the CPython ABI

https://labs.quansight.org/blog/python-abi-abi3t
1•signa11•14m ago•0 comments

Show HN: Schedule tasks for your AI agents from Google Calendar

https://agentcaly.com/
2•matt413•17m ago•0 comments

Discord Goes Ban-Happy, Suspends People for Benign Images

https://gizmodo.com/discord-goes-ban-happy-suspends-people-for-benign-images-2000782587
1•gnabgib•17m ago•0 comments

Disappearing Polymorph

https://en.wikipedia.org/wiki/Disappearing_polymorph
1•moralestapia•18m ago•0 comments

Tripplet

https://www.tripplet.lol/
1•notnurb•20m ago•0 comments

User provider content is dangerous. Our experience

https://blast-radius.boomurl.me/
1•dorongrinstein•23m ago•1 comments

Shih Tzu History: From Royal Dogs to Beloved Companions

https://www.akc.org/expert-advice/dog-breeds/shih-tzu-history/
1•thunderbong•24m ago•0 comments

Show HN: I built a cold email platform with built-in inbox placement testing

https://spamcipher.com/
1•mainmin8t•25m ago•0 comments

Lite and Text Only News and Other Websites

https://bmk.neocities.org/
1•Bender•27m ago•0 comments

Show HN: Quantum-audit – CLI to scan NPM deps for quantum-vulnerable crypto

https://quantum-audit-site.vercel.app
1•Heavensinfinite•35m ago•0 comments

Meta found to breach EU laws with 'addictive' Instagram, Facebook designs

https://www.cnbc.com/2026/07/10/meta-instagram-facebook-addictive-design-breach-eu-laws.html
2•1vuio0pswjnm7•36m ago•0 comments

The Company That Owns AOL Gets a Million Job Applications–and Rejects 99.9%

https://www.wsj.com/business/bending-spoons-jobs-hiring-stock-eaed2b8e
1•JumpCrisscross•37m ago•2 comments

MDN has a page that shows every web API update as it hits each browser

https://developer.mozilla.org/en-US/plus/updates
4•luispa•48m ago•0 comments

Overview of 2026 wrench (physical) attacks on crypto holders

https://www.certik.com/blog/2026-wrench-attacks-overview
2•decimalenough•50m ago•0 comments

NYT article on opening of dachau (1933)

https://www.nytimes.com/1933/07/27/archives/nazi-prison-camps-to-be-permanent-building-going-on-a...
3•marysminefnuf•52m ago•0 comments

Scutoid Papercraft

https://www.patreon.com/vihart/posts/scutoid-and-111945080
2•ry-gr•53m ago•0 comments

Using a Vision Pro to help install a POE doorbell

https://old.reddit.com/r/Ubiquiti/comments/1ut1atj/how_i_retrofit_poe_doorbells/
2•js2•54m ago•1 comments

I've been building this alone for months. Roast it before I lose any more time

https://peakd.io
2•GroguMaster•1h ago•0 comments

Plain Text Sports

https://plaintextsports.com/
3•bwoah•1h ago•0 comments

Hacked Paxel as tribute for my YC Startup School 26' application

https://obaid.wtf/jotbook/2026/07/11/yc-startup-school-26-application-i-hacked-paxel.html
4•wtfobaid•1h ago•2 comments