Password strength and cracking

Calculating the strength of a password is not a straight forward task and here is why.  In this instance strength as to do with how long it would take to brute force a password or crack it.

Are you using a CPU or more than one?  CPUs are fast compared to the human mind but what speed is the cracking CPU running at?  This can play a part in how long it would take to crack a password.

Are you using a GPU or more than one?  If a CPU is fast than a GPU, for this type of task, is MUCH FASTER.  GPUs are created to do math at high rates of speed and they do a great job of it.

Are the passwords stored using a strong hashing algorithm like SHA512 or a broken one like MD5?  MD5 is broken as it has hash collisions, meaning more than one password could give the same hash as anther.  This would make the chances of finding a working password much easier.

Does the software being used to crack the password utilize multiple CPU or GPU?

Here is a little calculation that will let you know how big the space, the total possible passwords, your password setup is.

total possible passwords = number of character in the set ^ the number of characters in your password.

In other words if the system only allows lower case letters and you have a six character password there are only 308,915,776 possible passwords.  That would not take a CPU very long, a few seconds maybe, and would take a GPU even less time.  But by making it more complex and longer the number starts to go up fast.

Upper and lower case, 52 possible characters, in the set and six characters long would have 19,770,609,664 possible passwords.  The GPU would still only take like a few to maybe 10 seconds.

Add 0-9 and you have 62 characters in the set making it even more secure.  56,800,235,584

Add some special characters, let’s say 15 for a total os 77 characters in the set,  and the possible number of passwords is even larger.  208,422,380,089

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s