Are Your Passwords in the Green? (2025)

https://www.hivesystems.com/blog/are-your-passwords-in-the-green
1•kemotep•2mo ago

Comments

kemotep•2mo ago
With NIST finally updating their standards to recommend 15 character password minimums last, I like to use their recommendations and compare them to these charts to show how effective such a password would be.

Using E = L x log2(R), where E is entropy, L is number of characters in the password (15), and R is the total number of possible characters used (26 for all lowercase letters), you can get ~70 bits of entropy. Using a password manager like Bitwarden for a 15 character password using the full character set minus the ambiguous characters (65 characters total) leads to ~90 bits of entropy.

Using these charts and figures from the article, a well configured bcrypt setup means even the fastest computer systems still in 2025 cap out at 1 billion hashes per second for offline cracking (without getting into Nation States spending billions on just cracking your passwords, or dedicating all the world’s supercomputers or some other speculations). So to calculate how long it would take with a “realistic” password cracker in 2025, you would use this formula:

((((((2^(70-1))/ 1 billion hashes per second)/ 60 seconds)/ 60 minutes)/ 24 hours)/ 365 days) to get ~18,700 years. (Nearly 20 billion years for the Bitwarden generated one)

But without a password filter checking for known bad passwords somewhere like Have I Been Pwned, even a 30 character password that has been leaked is useless. Would be instantly “cracked”. So I personally would have the password policy be:

1. 15 character minimum, no composition rules.

2. All passwords filtered for known bad passwords against HIBP.

3. Accounts protected by MFA.

4. Combination of network controls, best practices security configurations, and alerts and monitoring to help detect and limit/eliminate password guessing attacks, password database dumps.
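
The entropy arithmetic and the first two policy rules from the comment above, as an added Python example that is not part of the original comment. `fetch_range` is a hypothetical injected function standing in for a Have I Been Pwned range lookup (SHA-1 prefix in, `SUFFIX:COUNT` lines out); `fake_fetch_range` and its data are constructed so the block runs offline.

```python
import hashlib
import math

HASHES_PER_SECOND = 1_000_000_000  # offline cracking rate the comment assumes
SECONDS_PER_YEAR = 60 * 60 * 24 * 365
MIN_LENGTH = 15
LEAKED = "correct-horse-battery-staple-1"  # constructed 30-char "breached" sample

def entropy_bits(length, charset_size):
    """E = L x log2(R) for a uniformly random password."""
    return length * math.log2(charset_size)

def average_crack_years(bits, rate=HASHES_PER_SECOND):
    """Time to search half the keyspace, 2^(E-1) guesses, at the given rate."""
    return 2 ** (bits - 1) / rate / SECONDS_PER_YEAR

def fake_fetch_range(prefix):
    """Constructed stand-in for the range endpoint: returns 'SUFFIX:COUNT' rows."""
    digest = hashlib.sha1(LEAKED.encode("utf-8")).hexdigest().upper()
    rows = ["0" * 35 + ":3"]  # constructed filler row
    if digest.startswith(prefix):
        rows.append(f"{digest[5:]}:1204")  # constructed breach count
    return "\r\n".join(rows)

def hibp_count(password, fetch_range):
    """k-anonymity lookup: only the first 5 hex characters of the SHA-1
    are handed to fetch_range; the suffix comparison happens locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0

def check_policy(password, fetch_range):
    """Rule 1 (length floor, no composition rules), then rule 2 (breach filter)."""
    if len(password) < MIN_LENGTH:
        return (False, "too short")
    if hibp_count(password, fetch_range) > 0:
        return (False, "found in breach corpus")
    return (True, "ok")
```

The 30-character sample passes the length rule and still fails the breach filter, regardless of how many bits the entropy formula would assign it.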
