The Googlewatchblog
shows how you can use
Googles password test script to find
out how secure your own password is.
To use this, go to https://www.google.com/accounts/RatePassword?Passwd=
Ok thought I try it out with the password 'hgd', the result is funny, it says 4 (0 is the lowest security, 4 the highest).
Ok lets test this.
#include <unistd.h>
#include <stdio.h>
int main (void){
const char *pass="hgd";
const char *user="foo";
printf("%s:%s:2305:0:99999:7:::\n", user
, crypt
(pass
,user
)); return 0;
}
The code produces a basic shadow(3) line like we all have on our Linux installations with the crypted value of 'hgd'.
gcc pwd.c -lcrypt; ./a.out > file; sudo john file
Loaded 1 password (Standard DES [48/64 4K])
hgd (foo)
guesses: 1 time: 0:00:00:06 (3) c/s: 97211 trying: w9s - szs
sudo john file 5,42s user 0,04s system 90% cpu 6,046 total
Wow thats really a secure password!!!
Tested on my 2 years old notebook.
Ok google tests it for web applications and not for login data on your operating system but
this fact makes it even easier to gain access since every basic wordfile could brute force this.
I hope noone uses this script to test his passwords...
Google scheint mittlerweile auch einen Passworttestservice anzubieten. Unter der URL https://www.google.com/accounts/RatePassword?Passwd= kann man nach dem = ein Passwort angeben. Die Webseite sagt dann mittels eines Zahlencodes, wie sicher das Passwort i
Tracked: Jan 09, 00:03