Password complexity -- How long to crack a password?

Started by Jason, July 06, 2012, 03:34:15 PM

Jason

An interesting read: 

http://www.itworld.com/security/280486/how-long-would-it-take-crack-my-password

Notice how jumping from 6 to 10 characters in length and adding symbols can make the difference between a system cracking your password in 0.0000224 seconds and 2.83 weeks. Yet another recommendation for using a password tool (like KeePass).

Quote
Look below and pick which password-cracking jobs you'd want to take on if you were a computer. The examples come from the Interactive Brute Force Password Search Space Calculator at GRC.com, the love child of former InfoWorld columnist and freeware contributor Steve Gibson.

How long would it take to crack my password: (Includes letters and numbers, no upper- or lower-case and no symbols)

6 characters: 2.25 billion possible combinations

    * Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
    * Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 0.0224 seconds
    * Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0000224 seconds

10 characters: 3.76 quadrillion possible combinations

    * Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
    * Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 10.45 hours
    * Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 37.61 seconds.

Add a symbol, make the crack several orders of magnitude more difficult:

6 characters: 7.6 trillion possible combinations

    * Cracking online using web app hitting a target site with one thousand guesses per second: 2.4 centuries.
    * Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 1.26 minutes
    * Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0756 seconds

10 characters: Possible combinations: 171.3 sextillion (171,269,557,687,901,638,419; 1.71 x 10^20)

    * Cracking online using web app hitting a target site with one thousand guesses per second: 54.46 million centuries.
    * Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 54.46 years
    * Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 2.83 weeks.

Take Steve's advice: go for 10 characters, then add a symbol.
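
The search-space arithmetic behind the quoted figures, as an added example that is not part of the original thread or the quoted article. It assumes class sizes of 26 lowercase, 26 uppercase, 10 digits and 33 symbols and counts every candidate up to the password's length; under those assumptions the "add a symbol" rows match appending one symbol (7 and 11 characters over a 69-character alphabet). The sample passwords are constructed.

```python
import string

# Guess rates named in the quoted article (guesses per second).
RATES = {"online": 1e3, "offline": 1e11, "cluster": 1e14}

# Assumed character-class sizes: 33 symbols = 32 ASCII punctuation + space.
# Characters outside printable ASCII are not counted in this sketch.
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
    (set(string.punctuation + " "), 33),
]


def alphabet_size(password):
    """Add up the sizes of the character classes the password draws from."""
    return sum(size for chars, size in CLASSES if chars & set(password))


def search_space(alphabet, length):
    """Count every candidate of length 1..length (exhaustive search)."""
    return sum(alphabet ** k for k in range(1, length + 1))


def worst_case_seconds(password):
    """Seconds to exhaust the whole space at each of the article's rates."""
    space = search_space(alphabet_size(password), len(password))
    return {name: space / rate for name, rate in RATES.items()}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the page.
    for pw in ("abc123", "abc123!", "abcde12345", "abcde12345!"):
        n = alphabet_size(pw)
        print(pw, n, search_space(n, len(pw)), worst_case_seconds(pw))
```

These are worst-case times for exhaustive search only; a human-chosen password that appears in a wordlist falls far sooner than its length and character mix suggest.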

MK12_20MM

I just started using KeePass... the portable (USB) version, since with a hard drive crash you're toast. Plus you don't have a bunch of notes everywhere. :P Good recommendation. +1

Jason

That's what I do too. Just make sure to keep a copy of the KeePass database file backed up somewhere in case you lose the USB drive. :)