
Something important for all internet buyers/sellers....



So my primary job for the last year and a half has been selling computer parts on eBay. Turns out my PayPal password was not strong enough and my business PayPal account was hacked this last weekend. No, the info wasn't phished. I've been at this sh!t for 9 years now, I know all the normal tricks. Too bad I forgot about the most obvious one: brute forcing a password. Ultimately the person that broke in received nothing since I caught the error within a few minutes, but the resulting ripple effect of this will hurt my business for a while. My account is under special review and all transactions, incoming and outgoing, are locked. So my items are for sale on eBay, but I cannot accept payments for them. I am already getting complaints from angry customers. Ultimately this is going to hurt my paycheck pretty bad.


This is my little rant to make sure all you guys/girls that buy, sell and bank online have sufficiently strong passwords. Remember: a 6-character alphanumeric password using only lowercase and numbers can be brute forced in as little as a couple weeks using a handful of decent computers. An 8-character one can be done in about a year or two worst case. A 12-character password using alphanumeric, at least one capital and one special character would require 150+ years using every available computer in the world to generate your password.


Make sure your passwords are way more than adequate for your financial internet usage.


If you do a little Google searching on system security you should be able to find the specifics. Internet security scientists have the numbers all calculated per megaflop and gigaflop of CPU. With a little cross referencing you can find out the number of flops a common home computer can run and then do the rest of the math. I rattled those numbers off the top of my head. I am sure I remember them incorrectly, but the bit about the 12 character being 150+ is pretty close. Think about this:


12 char alphanumeric: 10 digits, 26 letters, 26 capital letters, 30 (or so) common special characters means you have about 92 characters per slot. Any pass generator has to start, for a 6 char password, with 92^6. Which is about 606 billion combinations right there. Not too much for a couple decent computers to generate and try to submit. Internet transit time slows down the brute forcing or it would actually be a little faster. And for each additional char you add you grow the number exponentially, so your password ends up being: 92^X where X is the number of characters in your password. A 12 char is ~36^22, or 367666387654882241806336 combinations.
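
The keyspace arithmetic from the post above, as an added example that is not part of the original thread: it infers the alphabet from the character classes a password uses, computes alphabet^length, and converts that to worst-case years at a fixed guess rate. The class sizes come from the post; the sample passwords and the two guess rates (a slow online rate and a fast offline rate) are constructed assumptions.

```python
import string

# Class sizes follow the post: 10 digits, 26 lowercase, 26 uppercase and
# "30 (or so)" special characters, about 92 symbols when all four are used.
CLASS_SIZES = {"digit": 10, "lower": 26, "upper": 26, "special": 30}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def alphabet_size(password):
    """Size of the smallest alphabet built from the classes the password uses."""
    used = set()
    for ch in password:
        if ch in string.digits:
            used.add("digit")
        elif ch in string.ascii_lowercase:
            used.add("lower")
        elif ch in string.ascii_uppercase:
            used.add("upper")
        else:
            used.add("special")
    return sum(CLASS_SIZES[name] for name in used)

def keyspace(alphabet, length):
    """Candidates of exactly `length` characters: alphabet ** length."""
    return alphabet ** length

def years_to_exhaust(combinations, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return combinations / guesses_per_second / SECONDS_PER_YEAR

def report(password, guesses_per_second):
    """Return (alphabet, combinations, worst-case years) for one password."""
    size = alphabet_size(password)
    total = keyspace(size, len(password))
    return size, total, years_to_exhaust(total, guesses_per_second)

if __name__ == "__main__":
    # Constructed sample passwords and assumed guess rates (not from the thread).
    samples = ["abc123", "abc12345", "Tr0ub4dor&3x"]
    for rate in (1e3, 1e9):
        for pw in samples:
            size, total, years = report(pw, rate)
            print(f"{rate:.0e}/s len={len(pw):2d} alphabet={size:2d} "
                  f"combos={total:.3e} years={years:.3e}")
```

These figures are an upper bound that only holds for passwords chosen uniformly at random; a password built from words or common patterns falls to a dictionary long before the full keyspace is tried.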
