linkp.gif linkr.gif linke.gif


SimThrow Passphrase Generator & Tester 
How strong is the pass phrase you just generated in your case, for example to protect your WiFi or vault?  Does 'They can do 150 billion guesses per second' apply to your case?
SimThrow is Itura's easy to use pass-phrase generator & strength analysis tool. It estimates strength and recovery times for individual cases like specific applications, hashes, recovery hardware capacity, and dictionaries.
Passphrase generation is based on Diceware.Throwing  the dices though, is simulated by random generators. Choose 'throwing' based on a true random generator on Internet or based on a local pseudo generator to stay offline.
Download the passphrase generator & tester here 
v 3.0 is out! (July, 2016). It supports the new EFF wordlists, which generate easy to use pharases and have other unique features. See EFF announcement for details. The still unique day 1 recovery chance graph is improved. And it still contains a check for collisions: 'car pet in put' contains only 2 words 'carpet input'. (The EFF wordlist is collision resistant.) See release notes in license tab. 
(version 1.0 was released on  Oct 2,2013)

Sample Analysis Standard Mode
The current passphrase is:  wadi attack overt wire 
When used as WiFi key, the passphrase could be recovered off-line in  1.2 centuries   on average.  
Assumed recovery hardware etc.: WiFi, 8 GPUs,WPA/WPA2 
If a site stores the phrase as a SHA512crypt hash, the phrase could be recovered in 4.8 centuries  on average.
Assumed recovery hardware: Slow hash/Prof Hw, 25 GPUs
When sniffed as a NTLM-password on a Windows network, the phrase can be recovered in 4.0 hours  on average!  
Assumed recovery hardware: Fast hash/Prof Hw, 25 GPUs
Online trial logins on sites that do not  limit faulty logins, could succeed in 1739 centuries on average.  
Assumed  online logins: 1000 x /sec
When used as WiFi key, agencies employing a 512 GPU-array,, could recover it in: 1.9 year on average!   Assumed hardware: 512 top GPU array, '8 ->512 performance estimated'. A 5 word Phrase would take centuries, though!
Only lowercase letters?  Smart brute force (letters only) will recover the phrase in: 6E+17 centuries on average! 
Assumed hardware: Fast hash/Prof Hw, 25 GPUs,NTLM

itura006005.jpg itura006004.jpg
PassPhrase Generation
PassPhrase Strength
SimThrow Download
Information Security
Innovation through IT