Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Many Seconds Would It Take To Crack Your Password?

Posted by samzenpus on from the guessing-game dept.

DillyTonto writes "Want to know how strong your password is? Count the number of characters and the type and calculate it yourself. Steve Gibson's Interactive Brute Force Password Search Space Calculator shows how dramatically the time-to-crack lengthens with every additional character in your password, especially if one of them is a symbol rather than a letter or number. Worst-case scenario with almost unlimited computing power for brute-forcing the decrypt: 6 alphanumeric characters takes 0.0000224 seconds to crack, 10 alpha/nums with a symbol takes 2.83 weeks."

2 of 454 comments (clear)

  1. Websites by SJHillman · · Score: 4, Interesting

    There's still websites out there that limit you to 8 characters maximum. When Citi held my student loans (studentloans.com), their website would just use the first 8 characters of whatever password you entered.... of course, the field would accept more and they wouldn't tell you this so the first time you went to log in, it was a very WTF moment because you'd get a Password Incorrect error even though the password matched the one you signed up with. It was one of the main reasons I was actually happy when they sold my loan to Sallie Mae six months ago.

  2. MS Office CD Key by Anonymous Coward · · Score: 5, Interesting

    I worked on a random desktop rollout contract that was paying stupid amounts of money, and one evening I observed one of my fellow contractors entering his password.

    clickity clickity clickity clickity...

    I said "wow... hardcore password", he replied "yeah, I worked on a contract before this where we had to manually put in the MS Office CD Key across a few hundred desktops, so I've memorised it. It's now my go-to password"

    Must have been the only time I've seen an MS CD-Key actually being wanted.

    Pasting the first CD Key I could find on serials.ws (V4933-88FR7-9P3KK-D2QF4-9M9CM) into the GRC tool produced:

    Online Attack Scenario:
    (Assuming one thousand guesses per second) 68.45 thousand trillion trillion trillion centuries

    Offline Fast Attack Scenario:
    (Assuming one hundred billion guesses per second) 6.84 hundred million trillion trillion centuries

    Massive Cracking Array Scenario:
    (Assuming one hundred trillion guesses per second) 6.84 hundred thousand trillion trillion centuries

    Anyway, in actual practice: passphrases using 2-3 words. I've found that 4 words and above is a bit much. And writing down your password/passphrase on a post-it is not a bad thing so long as your obfuscate it!