Comments on: Keycloak Client Passwords are insecure by default https://blog.icod.de/2022/10/10/keycloak-client-passwords-are-insecure-by-default/ Webentwicklung und sonstiger Unsinn :) Web development and other nonsense :) Sun, 13 Nov 2022 14:23:02 +0000 hourly 1 https://wordpress.org/?v=6.9.4 By: Darko Luketic https://blog.icod.de/2022/10/10/keycloak-client-passwords-are-insecure-by-default/#comment-51245 Sun, 13 Nov 2022 14:23:02 +0000 https://blog.icod.de/?p=1821#comment-51245 In reply to K.

This image doesn’t say how many distributed systems are working on this.
Ok their blogs post says it’s 1 GPU only.
Assume a government funded distributed system like the NSA operates. 1000s of computers.
How secure is a 32-length password where 1 byte can have 16 possible values? (numbers only + 6)
Not secure at all.
That needs to change and that’s why I created this post, because they aren’t paying attention to it and not doing anything to change that.

]]> By: K https://blog.icod.de/2022/10/10/keycloak-client-passwords-are-insecure-by-default/#comment-51236 Sat, 12 Nov 2022 12:53:44 +0000 https://blog.icod.de/?p=1821#comment-51236 Well according to this (https://images.squarespace-cdn.com/content/v1/5ffe234606e5ec7bfc57a7a3/175e6393-2500-4a0d-81e8-c380bbe896e7/Hive+Systems+Password+Table) it will take a while for a password to cracked.

]]>