Slashdot Mirror
How Many Seconds Would It Take To Crack Your Password?
DillyTonto writes "Want to know how strong your password is? Count the number of characters and the type and calculate it yourself. Steve Gibson's Interactive Brute Force Password Search Space Calculator shows how dramatically the time-to-crack lengthens with every additional character in your password, especially if one of them is a symbol rather than a letter or number. Worst-case scenario with almost unlimited computing power for brute-forcing the decrypt: 6 alphanumeric characters takes 0.0000224 seconds to crack, 10 alpha/nums with a symbol takes 2.83 weeks."
I was going to post the same thing. It's not uncommon to have sites that also limit your password to letters & numbers only.
(As an aside, the most heinous are the websites where you Forgot your password? and they email it right back to you in plaintext.)
Haven't had my first coffee yet, so my sarcasm detector isn't working. In case you're serious:
Visa always start with 4; MasterCard always start with 5.
If the attacker knows who you bank with, then they have issuer number (4-6 digits).
You lose one digit due to the checksum.
For example, suppose the attacker knows you have a Visa from Chase, then they only have guess 7 digits. That's weaker than a 3 character alphanumeric password.
"5 random lower case characters + one upper case = 26^6 * 6 NOT 52 ^ 6" Wow, who told the hacker that it is a 6 char password with 1 upper case and rest lower case?
If someone is bruteforcing your password, they can make no assumptions. (alphabet size)^(number of spaces)
Where (alphabet size) = group your char is in. eg "!" is is part of a 10 char group, so using ! gives your alphabet an extra 10.
I Lets see, upper and lower, that's 26*2, then "[]", that's another 12, "3", that's 10, * makes it another 10, "~+" is at least 6 but not sure which group. OK... that's an alphabet size of 90 and is 17 chars long. 90^17 = 1.6677181699666569e+33. Almost as strong as a GUID, but easier to remember.