linkp.gif linkr.gif linke.gif


SimThrow Passphrase Generator & Tester 
How strong is the pass phrase you just generated in your case, for example to protect your WiFi or vault?  Does 'They can do 150 billion guesses per second' apply to your case?
SimThrow is Itura's easy to use pass-phrase generator & strength analysis tool. It estimates strength and recovery times for individual cases like specific applications, hashes, recovery hardware capacity, and dictionaries.
Passphrase generation is based on Diceware.Throwing  the dices though, is simulated by random generators. Choose 'throwing' based on a true random generator on Internet or based on a local pseudo generator to stay offline.
Download the passphrase generator & tester here     

v 2.0 is out! (May 29,2014)  Many improvements including unique day 1 recovery chance graph!
v2.1 is out! (Aug 28, 2014)  Better standard reporting including defeating the lower case only fairytale, and unique is wordlist collision detection. The 4 word phrase 'car pet nor ma' contains only 2 words 'carpet norma'


Sample Analysis Standard Mode
The current passphrase is:  wadi attack overt wire 
When used as WiFi key, the passphrase could be recovered off-line in  1.2 centuries   on average.  
Assumed recovery hardware etc.: WiFi, 8 GPUs,WPA/WPA2 
If a site stores the phrase as a SHA512crypt hash, the phrase could be recovered in 4.8 centuries  on average.
Assumed recovery hardware: Slow hash/Prof Hw, 25 GPUs
When sniffed as a NTLM-password on a Windows network, the phrase can be recovered in 4.0 hours  on average!  
Assumed recovery hardware: Fast hash/Prof Hw, 25 GPUs
Online trial logins on sites that do not  limit faulty logins, could succeed in 1739 centuries on average.  
Assumed  online logins: 1000 x /sec
When used as WiFi key, agencies employing a 512 GPU-array,, could recover it in: 1.9 year on average!   Assumed hardware: 512 top GPU array, '8 ->512 performance estimated'. A 5 word Phrase would take centuries, though!
Only lowercase letters?  Smart brute force (letters only) will recover the phrase in: 6E+17 centuries on average! 
Assumed hardware: Fast hash/Prof Hw, 25 GPUs,NTLM

itura005005.jpg itura005004.jpg
PassPhrase Generation
PassPhrase Strength
SimThrow Download
Information Security
Innovation through IT