guess my password

Covering technology based topics including cryptocurrency, 5G, nanotechnology, IT, transhumanism, AI, surveillance and cyber security.
Post Reply
User avatar
Posts: 1332
Joined: Mon Jul 26, 2021 12:35 pm
Has thanked: 64 times
Been thanked: 204 times

guess my password

Post by u+me »

GRC's Interactive Brute Force Password “Search Space” Calculator
(NOTHING you do here ever leaves your browser. What happens here, stays here.)
class0 2 Uppercase

class0 17 Lowercase

class0 2 Digits

class0 3 Symbols

24 Characters
Enter and edit your test passwords in the field above while viewing the analysis below.
Brute Force Search Space Analysis:
Search Space Depth (Alphabet): 26+26+10+33 = 95
Search Space Length (Characters): 24 characters
Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length) 295,095,290,555,
Search Space Size (as a power of 10): 2.95 x 1047
Time Required to Exhaustively Search this Password's Space:
Online Attack Scenario:
(Assuming one thousand guesses per second) 93.83 billion trillion trillion centuries
Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second) 9.38 hundred trillion trillion centuries
Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second) 9.38 hundred billion trillion centuries
User avatar
Posts: 810
Joined: Sun Apr 04, 2021 1:41 am
Location: 🏴‍☠️
Has thanked: 335 times
Been thanked: 800 times

Re: guess my password

Post by BananaMulcher »

These estimates assume nothing has been precomputed. A lot of serious pw brute forcing uses things like precomputed hash tables of common words and patterns that might appear in passphrases. And, after working in several IT roles, I have zero confidence in most people's ability to create strong, unique passphrases entirely from their head. And that's not to insult anyone, the human brain is just a poor generator of passphrases.

So here's a quick tip. Passphrase complexity is limited by the number of characters on the standard keyboard. 26 for letters, 34 if you include numbers and double that if you include special characters. 60-something is a pretty weak set to derive from. So the industry tries to get around this by offering bad advice: "make a mixed alphanumeric string at least 12+ long yada yada" :roll:

Better is to increase that space using entire words as the core component instead of individual characters. There are thousands, or tens of thousands, just in English alone. And to avoid the weak randomization of the human brain, roll some dice instead to determine which words to join. A passphrase consisting of at least four words is easier to memorize than some Dk!n#ja)enUA string while at the same time much stronger since length alone is what carries the entropy instead of relying on a character set.

If you read this far, and still follow what is being shared, then congratulations. If not, this infamous XKCD strip might be a better explanation:

"It will make things difficult, if it becomes known among the peoples of the Weave that they have among them a new ally who happens to be immune to our particular kind of gentle persuasion."
User avatar
Posts: 403
Joined: Tue Jun 16, 2020 5:51 pm
Has thanked: 290 times
Been thanked: 350 times

Re: guess my password

Post by Ziggy_Sawdust »

u+me wrote: Sat May 21, 2022 12:21 am
(Assuming one hundred trillion guesses per second) 9.38 hundred billion trillion centuries
:D :D :D :D
The truth is found when men are free to pursue it.
Post Reply