Slashdot Mirror


User: Joshua+Kolash

Joshua+Kolash's activity in the archive.

Stories: 0 · Comments: 2

Comments · 2

  1. Re:weak passwords in mac os x (oops) on New SANS/FBI Top 20 List · Score: 1

    That code won't work. It got lost in the HTML formatting. The #include line should be:
    #include

  2. Re:weak passwords in mac os x on New SANS/FBI Top 20 List · Score: 1

    It actually doesn't matter too much; you can have a secure 8-character password. All you need to do is this:

    1. Use both lower and upper case. This brings each char to 48 possibilities.
    2. Use numbers and symbols on the top row and other rows. This will bring the count to 21*2 possibilities, which is 42, so 42+48=90.
    The number of possible passwords is 90^8.
    Now let's see how long it would take to brute-force. Let's assume that testing a key would take the same amount of time as incrementing a register by 1 (in reality it would take longer).

    You can write a simple program to do this in C:

    /* No header is needed: the program calls no library functions.
       Compile without optimization (plain "cc test.c", as below); at -O2
       the compiler may delete a loop that has no visible side effects. */
    int main(void) {
        unsigned int i = 0;   /* int is 32 bits on OS X */
        i++;
        while (i++) {}        /* runs until i wraps back to 0: about 2^32 iterations */
        return 0;
    }

    Copy and paste that into a test.c file and in the terminal type:

    cc test.c -o test
    /usr/bin/time test

    On my machine it outputs this:
    64.68 real 32.67 user 0.82 sys

    It takes about 32 seconds to go through 2^32 combinations. Now let's divide the time it takes for the program to run by the number of possible keys:
    90^8/2^32 = 1002259. So it would be 30 sec * 1002259, which would be 30067770 seconds. 30067770/60 is 501129 minutes. 501129/60 is 8352 hours. 8352/24 is 348 days. About 1 year to crack your password (it would actually take longer). Here is a formula for you:

    1002259*time/60/60/24

    So some nobody on the internet isn't going to break your password via brute force. They are more likely to exploit some program running on your computer. Now suppose someone had a user account on your computer and was able to do this in the terminal:

    nidump passwd .

    This would give some nefarious user the hash key and allow them to distribute the cracking across multiple computers. So if someone had a lab of 50 computers all hooked up and was able to create a Rendezvous-enabled password cracker, the time would be drastically reduced.

    1002259*time/60/60/24/50

    If someone had 50 of my computers they could crack the password in 6 days. Not that bad. The nidump hole in OS X is more important to patch than the 8-character password, because anyone who has a user account can compromise your system. There are various places where you can get the computing power. You can zombify various boxes on the internet or go into a college computer lab.
    If I have made any mistake, post below me.
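Worked version of the brute-force estimate in the comment above, as an added example that is not part of the original post or of Slashdot. It computes the keyspace for an alphabet size and password length with 64-bit overflow detection, then the time to exhaust it at a measured guess rate, optionally split across several machines, in the same "one guess costs one register increment" model the commenter uses. The printable-ASCII class sizes (26 lower, 26 upper, 10 digits, 32 symbols, 94 in total) are standard values rather than the figures in the comment; the function names, the 2^24-iteration timing loop and the fallback rate of 2^32 increments in 32 seconds are this example's own assumptions.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Printable-ASCII character-class sizes (standard values, assumed here). */
enum { LOWER = 26, UPPER = 26, DIGITS = 10, SYMBOLS = 32 };

/* alphabet^length as a 64-bit count; returns 0 if the product would overflow
   (or if the alphabet is empty), so callers can detect an unrepresentable keyspace. */
uint64_t keyspace(unsigned alphabet, unsigned length) {
    uint64_t n = 1;
    for (unsigned i = 0; i < length; i++) {
        if (alphabet == 0) return 0;
        if (n > UINT64_MAX / alphabet) return 0;   /* next multiply would overflow */
        n *= alphabet;
    }
    return n;
}

/* Seconds to try every key when each machine tests guesses_per_second keys
   and the work is split evenly over `machines` machines; -1.0 on bad input. */
double seconds_to_exhaust(uint64_t space, double guesses_per_second, unsigned machines) {
    if (space == 0 || guesses_per_second <= 0.0 || machines == 0) return -1.0;
    return (double)space / (guesses_per_second * (double)machines);
}

double seconds_to_days(double seconds) { return seconds / 86400.0; }

/* Increment a volatile counter 2^24 times (volatile keeps the optimizer from
   deleting the loop) and return increments per CPU second, or 0.0 if clock()
   could not resolve the run. Same measurement idea as the 2^32 loop in the comment. */
double measure_increments_per_second(void) {
    const uint32_t iterations = 1u << 24;
    volatile uint32_t i = 0;
    clock_t start = clock();
    while (i < iterations) i++;
    clock_t end = clock();
    if (end <= start) return 0.0;
    return (double)iterations * (double)CLOCKS_PER_SEC / (double)(end - start);
}

/* Print one row of the table: days to exhaust `space` for 1 and 50 machines. */
static void report(const char *label, uint64_t space, double rate) {
    if (space == 0) {
        printf("  %-10s keyspace exceeds 2^64, not estimated\n", label);
        return;
    }
    printf("  %-10s %12.1f days on 1 machine, %10.2f days on 50\n", label,
           seconds_to_days(seconds_to_exhaust(space, rate, 1)),
           seconds_to_days(seconds_to_exhaust(space, rate, 50)));
}

int main(void) {
    double rate = measure_increments_per_second();
    if (rate <= 0.0) rate = 134217728.0;  /* assumed fallback: 2^32 increments in 32 s */
    printf("model rate: %.0f guesses/s per machine\n", rate);
    for (unsigned len = 8; len <= 10; len++) {
        printf("length %u:\n", len);
        report("alnum(62)", keyspace(LOWER + UPPER + DIGITS, len), rate);
        report("full(94)", keyspace(LOWER + UPPER + DIGITS + SYMBOLS, len), rate);
    }
    return 0;
}
```

Build it with plain `cc` as the comment does; the timing loop is volatile, so the result does not depend on the optimization level, only on the machine. At length 10 the 94-character keyspace no longer fits in 64 bits, which is why `keyspace` reports overflow instead of silently wrapping.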