this post was submitted on 01 Oct 2023
375 points (93.7% liked)

Linux

48186 readers
1383 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

You can totally use emojis as passwords. You can probably even make this a policy at your company.

Edit: I thought this was an obvious enough joke, but just to clear things up: Only do this if you hate your company and everyone working there.

you are viewing a single comment's thread
view the rest of the comments
[–] deadcade@lemmy.deadca.de 12 points 1 year ago (1 children)

For somewhat more realistic numbers:

According to minerstat.com, an NVidia RTX 4090 has a hashrate of 118.07MH/s. This is 118.07 Megahashes per second, or 118.070.000 hashes per second. For a password with only 8 lowercase letters (208.827.064.576 combinations), it would take an RTX 4090 approximately 1769 seconds (or ~30 minutes) to go through all possible combinations. For an 8 character upper+lower+numbers password (218340105584896 combinations) it would take 1849243 seconds, or 21.4 days.

For an 8 emoji password (32482071647592311234920185856 combinations), it would take 275.108.593.610.504.896.512 seconds, or 8.723.636.276.335 years.

Lets say a magic prediction algorithm reduces the number of possible combinations in each password to 1 out of every 1 million previously possible combinations. 8 lowercase letters would be cracked instantly, while an 8 emoji password would still take 8.723.636 years.

[–] skullgiver@popplesburger.hilciferous.nl 7 points 1 year ago* (last edited 11 months ago) (1 children)

[This comment has been deleted by an automated system]

[–] deadcade@lemmy.deadca.de 5 points 1 year ago

The times I calculated were indeed going over every possible combination, it would take half as long to crack a password on average. Considering reducing the time to 1/1000000 still leaves you with an incomprehensibly large estimated timespan, dividing that by 2 doesn't do that much for making it brute-forceable.

I did note it was specifically for 8 emojis, not 8 characters or bytes.

And yes, it's very impractical and likely to break things. It's better and much easier to add extra letters, numbers, and symbols to your password rather than using emojis. Using a password manager is even better.

As you stated, a single unicode character would mean your password wouldn't be included with the potential options in almost all brute forcing tools. Whether you use 8 emojis or 1, your password likely won't get brute forced.

All of my "emoji password" numbers are if the attacker knows it's a password containing exactly 8 emojis, and nothing more. Adding a regular symbols+upper+lower+numbers 16 character password would make it even more impossible to brute force.