Estimating Password Crack Times

[Aristotle]

Kinda fun to mess around with this, though I'm too paranoid to test any of my actual passwords. But I tested some that were similar and it was interesting to see what really makes a password harder to crack.

https://www.betterbuys.com/estimatin...racking-times/

To get started, we set out to discover just how quickly a seasoned cracker could “brute-force” various types of passwords (systematically check combinations until finding the correct one) based on factors such as length and character types. We also created an interactive feature that lets you estimate how long it would take someone to crack a password now compared with how long it took in the past.

My main conclusion: the longer the password, the better. That was even more effective than any numbers, special characters, or other silliness.

[Rosuav]

My main conclusion: the longer the password, the better. That was even more effective than any numbers, special characters, or other silliness.

Indeed. And preach that. Preach it everywhere. Recommend really REALLY long passwords. I like to use XKCD 936 style passwords; realistically, they're even better than the numbers given, because not everyone uses the same pool of 2048 "common words". An attacker would probably have to go through roughly 4096 words, giving 12 bits of entropy per word; plus you can probably squeeze another 3 or 4 bits of overall entropy from the way you combine the words (capitalization, various forms of punctuation, etc). But even if someone has *your exact word list*, and knows *your personal password style*, there's still as many possible four-word passwords as there are in an eight-character simple password, using absolutely no dictionaries. (And password dictionaries become useless in the face of 936 passwords.)

Humans are *terrible* at estimating exponential growth. Imagine a classic "bank-style" password - you have at least one upper-case, one lower-case, one digit, one symbol. Being generous, we'll say there are 64 possible tokens. With the typical six-character minimum password length, that's 68719476736 possible passwords. Now, suppose your password is all lowercase ASCII Latin letters - just 26 options. How long does it need to be before it's equivalently complex? There are less than half the possible options per character. Turn to some people near you and ask them to guess. I've had people guessing everything from 7 to 15 (2.5 times the length, since 64 is 2.5 times 26). Okay, locked in your guess? The answer is: 8. Just two more characters and it's a more secure password.

And please, don't use Bank MECU. They just asked me to set a "verbal password" on my account; I provided a 936 style password, and it was *too long*. It had to be cut back to just two words, or it wouldn't fit. Granted, that password can't be brute forced (it's used over the phone or in person, dealing with an actual person on the other end), but still, there's no point EVER having a maximum length. With a typical computerized system of hashed passwords, you should be able to use 256-bit hashes; even if we accept that the birthday paradox means that we'll have a 50% chance of a collision at the square root (give or take), that means 340282366920938463463374607431768211456 possible passwords to get a 50-50 chance of breaking it. That means a 27-letter alphabetic password, or a 21-character complex password, will still be perfectly representable. Double those lengths for truly-comparable figures. There should be NO maximum.

[Aristotle]

Okay, locked in your guess? The answer is: 8. Just two more characters and it's a more secure password.

I wish sites would require 9 or 10 characters rather than some random ass, impossible to remember combination of upper/lower case, numbers, special characters, etc. And then you have some sites that forbid special characters, but require 4 other things. Ridiculous.

Just require 9 or 10 characters and you're good to go.

[Rosuav]

I wish sites would require 9 or 10 characters rather than some random ass, impossible to remember combination of upper/lower case, numbers, special characters, etc. And then you have some sites that forbid special characters, but require 4 other things. Ridiculous.

Just require 9 or 10 characters and you're good to go.

Yeah. And go for 10, because it's easy for people to get their heads around.

[Aristotle]

A great example of how simply making a password longer is better than just about any other method:

abcdefghijkl should be an absolutely horrible password, right?

2 centuries to crack it.

[Aristotle]

Just messing around.

i-love-snickers = 466590686 millennia and change to crack.

[Rosuav]

A great example of how simply making a password longer is better than just about any other method:

abcdefghijkl should be an absolutely horrible password, right?

2 centuries to crack it.

Actual attackers quite possibly use a more sophisticated dictionary than this example does, so the site is showing the same crack time for "abcdefghijkl" as for "qnflxprmwlzf", which might not be fair. But plenty of banks will reject both of them.

There is another aspect to password crack time, incidentally. The throughput calculations are on the basis of hashing, which means an attacker has obtained a leaked password hash and is attempting an offline crack of the hash. If someone were to try to brute-force a Threshold RPG password, s/he would have to (a) establish a socket connection for every three passwords attempted, which would slow the attack down significantly; and (b) somehow not be noticed, hammering the server like that. The attack times given are for compromising your specific account after there's been an Amazon-level data breach.

[Gromgor]

So basically what you're saying is that "password-protected" is actually a ridiculously good password?

[Rosuav]

So basically what you're saying is that "password-protected" is actually a ridiculously good password?

It depends on the quality of the dictionary search system. At very worst, this password consists of three tokens: two words (worth somewhere between 11 and 17 bits of entropy each), and a "word-hyphen-word" structure (worth about three or four bits, given that there are a decent number of ways you can combine words). That gives, probably, about 33-34 bits of entropy. So if someone knows you use this kind of system, your password would work out roughly as good as a theoretical six-character bank password.

But if the dictionary search isn't done, then it is indeed ridiculously good. Eighteen characters, including one non-alphabetic. Even a conservative estimate would put that as at least 4 bits of entropy each, making it equivalent to a *twelve* character bank-theoretical password, and unfeasibly long crack times can be expected.