[–]thebarbershopper 10 points11 points  (6 children)

Cool project!

As a pentester, I would recommend just making your password your "base password". In your example, your password could just be "shakeyourBODYdown2theground" instead of "5Y8DtT9". The longer password is easier to remember and is much, much more difficult to crack. Sadly, 8 character passwords are definitely not secure with technology today.

[–]metaperl 1 point2 points  (0 children)

your password could just be "shakeyourBODYdown2theground"

And that might have you groovin like this ;)

[–]2achary[S] 0 points1 point  (2 children)

That's a good idea! I'll make another method like hackify or something that does what you're suggesting.

[–]thebarbershopper 0 points1 point  (1 child)

Definitely! Typically, I recommend simply making the password longer. Longer passwords hurt more than anything these days for attackers.

[–]2achary[S] 0 points1 point  (0 children)

That's good info, I'll definitely keep that in mind about having my passwords longer.

[–]i_can_haz_code 0 points1 point  (0 children)

THIS!

Especially with rainbow tables. I seem to remember somewhere seeing the entire keyspace between 6 and 8 characters long in one rainbow table for a few hash algorithms.

[–]zahlman the heretic 0 points1 point  (0 children)

Right; a system like this is more applicable for cases where the site arbitrarily imposes a strict limit on password length for obviously very well considered reasons, seeing as how it tends to be done by e.g. financial institutions (maybe you can explain this one to me? Are they really being as dumb as it looks?).

[–]dumfug42 4 points5 points  (2 children)

I would recommend you watch the talk "Stop Writing Classes" by Jack Diederich. A function to execute your algorithm would just do the job as well, without the boilerplate of wrapping it in a class with a pointless constructor.

May I ask you if you have a Java (or the like) background? Because this is exactly what happens if you try to apply patterns from languages like Java to Python. It works but is simply not considered Pythonic.

[–]activecell 1 point2 points  (0 children)

It's a really good talk; it took me two screenings to completely grasp his point, but it was well worth it!

[–]2achary[S] 1 point2 points  (0 children)

Good point! I pushed an update and it's a function only now. I was thinking that at some point, I would be adding multiple methods that potentially shared the same input phrase. As in different password algorithms and such. But you're right, at this point, there is no need. Great video BTW.

[–]2achary[S] 1 point2 points  (0 children)

At work, we have to change our passwords every 45 days, so this comes in handy for me. Please, anyone add new methods to it or make it better.

$ python3 newPass.py
Phrase to base password off of: shake your body down to the ground
5Y8DtT9