Password strength question



#1
diggeryo

  • Member
  • 343 posts
This question doesn't necessarily fit into this forum, but I couldn't find any other forum that it fits into. So considering passwords are used on a lot of web pages and in emails, I put it in here.

My question has to do with password strength. I've read many times it is a good idea to have not only upper and lower case letters in a password, but also have numbers and symbols. This will make it harder to break. However, what I don't understand is HOW it would be harder to break? I understand by adding numbers and symbols into the mix, you are making it take that much longer for a brute force attack to be successful.

HOWEVER--if the person trying to crack your password doesn't KNOW whether you have all letters or a combination of letters, numbers, symbols, wouldn't any two passwords of the same length theoretically take the same amount of time to crack, no matter their makeup?

For example, if I have two passwords of 15 characters:

abcdefghijklmno
x@65:f$kW8)?=9F

If the attacker doesn't know that I used the first one (with only letters), then he/she will still have to implement numbers and symbols in the attack, and it should theoretically take just as long to crack it.

Or am I missing something?

thanks,
mike.
  • 0



#2
BHowett

  • OT Moderator
  • 4,640 posts
Hi Mike,

"HOWEVER--if the person trying to crack your password doesn't KNOW whether you have all letters or a combination of letters, numbers, symbols, wouldn't any two passwords of the same length theoretically take the same amount of time to crack, no matter their makeup?"

No, it's all about the amount of possible combinations that could equal the password. Let's say you're using a six-letter word for your password. That means you have 6 letters, each of which could be any of the 26 letters of the alphabet, so that gives you 308,915,776 password possibilities. That could be cracked in seconds. Now if you mix in uppercase letters, symbols, and numbers, the possibilities are a great bit more. Here is an example: if the password is mypassword, that would be cracked in seconds. Now if you made it MyP@$$w0rd, it would take quite a bit longer, even weeks, to crack it.

Now don’t get me wrong, any password can be cracked with the right amount of time and power, so changing them often is a must. Here is a link where I got some of the above information: http://www.utdallas..../STpassword.htm It has a chart and some examples you can take a look at.

Let me know if that answers your question.
  • 0

#3
diggeryo

  • Member
  • Topic Starter
  • 343 posts
Thanks for the reply, BHowett (and the informative link). I understand what you're saying about uppercase letters, symbols, and numbers making the password harder to crack. But what I'm saying is that if the cracker doesn't know that you used only lowercase letters, then his brute force attack will still have to test for uppercase letters, symbols, and numbers. So, as long as the attacker doesn't know you used a password with only lowercase letters, it should offer you the same protection as one of the same length that also has uppercase letters, symbols, and numbers.
  • 0

#4
BHowett

  • OT Moderator
  • 4,640 posts
No, it's a systematic attack starting at the lower, obvious choices first, so it would be much faster. The time taken would be dependent on what your password is.
  • 0

#5
diggeryo

  • Member
  • Topic Starter
  • 343 posts
Ok, I think I completely understand now. Would this be correct then--

If you used a password with only lowercase letters and the cracker did not know this (and thus has to still check for uppercase letters, numbers, and symbols), then cracking the password would take longer than if the cracker knew it were only lowercase letters but shorter than if you had used an uppercase letter, number, or symbol in your password.
  • 0
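
An added example, not written by anyone in this thread: it compares worst-case guess counts for the passwords quoted above under the two search strategies discussed, a staged search that exhausts small alphabets first and a single pass over all 94 printable ASCII characters. The stage order, the alphabets, and the choice to count only candidates of the password's own length are assumptions of this sketch; dictionary attacks are not modelled.

```python
import string

# Assumed attacker stages, smallest alphabet first (hypothetical ordering).
STAGES = [
    ("lowercase", string.ascii_lowercase),
    ("lowercase+digits", string.ascii_lowercase + string.digits),
    ("letters+digits", string.ascii_letters + string.digits),
    ("all printable", string.ascii_letters + string.digits + string.punctuation),
]

def keyspace(alphabet_size, length):
    """Number of distinct strings of exactly `length` characters."""
    return alphabet_size ** length

def first_stage(password):
    """Index of the first stage whose alphabet covers every character."""
    for i, (_, alphabet) in enumerate(STAGES):
        if set(password) <= set(alphabet):
            return i
    raise ValueError("password uses characters outside the modelled alphabets")

def staged_worst_case(password):
    """Guesses to exhaust every stage up to and including the one that hits."""
    n = len(password)
    last = first_stage(password)
    return sum(keyspace(len(a), n) for _, a in STAGES[: last + 1])

def single_pass_worst_case(password):
    """Guesses for one pass over the largest alphabet only."""
    return keyspace(len(STAGES[-1][1]), len(password))

def report(passwords):
    """(password, stage name, staged guesses, single-pass guesses) per entry."""
    return [
        (pw, STAGES[first_stage(pw)][0], staged_worst_case(pw),
         single_pass_worst_case(pw))
        for pw in passwords
    ]

if __name__ == "__main__":
    # Passwords quoted in the thread.
    samples = ["abcdefghijklmno", "x@65:f$kW8)?=9F", "mypassword", "MyP@$$w0rd"]
    for pw, stage, staged, single in report(samples):
        print(f"{pw:16} {stage:14} staged={staged:.2e} single-pass={single:.2e}")
```

Under the single-pass model both 15-character passwords have the same worst case; under the staged model the lowercase-only one falls in the first stage, roughly eight orders of magnitude sooner.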





