Password strength

Mark Whittington markwhi at gmail.com
Mon Oct 20 18:59:51 CDT 2014 

That really does depend.  If you use completely random eight-character
passwords with all types of characters, sure.  But if you use Y3l!0wGr4p3
or something, probably much less because of the way the password cracking
tools are written.  Honestly you're better using a passphrase, something
like "I eat Caesar salads on Thursdays only."  Not only are things like
that easier to remember, but they are incredibly strong:

Y3l!0wGr4p3:
51.2 bits of entropy
Search space of 5.75e21 passwords
Search time of 1.83 years (at 100 trillion guesses/sec)

"I eat Caesar salads on Thursdays only."
189.1 bits of entropy
Search space of 2.10e73 passwords
Search time of 66.90 trillion trillion trillion trillion centuries (at 100
trillion guesses/second)


On Mon, Oct 20, 2014 at 7:04 PM, Andre Kesteloot <akesteloot at gmail.com>
wrote:

> Strength of passwords
> In addition to protecting your passwords, some programs tell you how
> strong your passwords are so that you can create better ones. Password
> strength depends largely on the length and complexity of the words you
> choose. Here’s how long it would probably take a hacker to guess your
> password:
> If your password uses only lowercase letters and numbers:     It will take
> a hacker this long to crack it:
> Three characters     0.02 seconds
> Four characters     0.46 seconds
> Five characters     11.9 seconds
> Six characters     5.15 minutes
> Seven characters     2.23 hours
> Eight characters     2.42 days
> 12 characters     3.03 millennia
>
>
> If your password uses all types of characters, including upper- and
> lowercase and:     It will take a hacker this long to crack it:
> Three characters     0.86 seconds
> Four characters     1.36 minutes
> Five characters     2.15 hours
> Six characters     8.51 days
> Seven characters     2.21 years
> Eight characters     2.21 centuries
> 12 characters     7.1 million millennia
>
> Note that adding just one capital letter and one special character changes
> the time needed to hack an eight-character password from 2.4 days to 2.1
> centuries. Now you know why so many sites require that you use
> eight-character passwords that contain upper- and lowercase letters,
> numbers, and special characters!
>
> _______________________________________________
> Tacos mailing list
> Tacos at amrad.org
> https://amrad.org/mailman/listinfo/tacos
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://amrad.org/pipermail/tacos/attachments/20141020/279cbd6d/attachment-0001.html>

More information about the Tacos mailing list