
password strength question


ponkan pinoy

Member
Joined
Jan 20, 2004
Location
Oakland, CA
I know that ideally, a strong password is a random mix of mixed-case alphanumeric characters, plus punctuation if allowed, 9-12 (or more) characters long. Definitely nothing that resembles words. But what about a phrase with the spaces stripped out or replaced with punctuation/numbers, how strong would that be? The one I'm considering is 20+ letters long.
 
You could try a password cracker to test how strong your password is. Cracking it could take a few hours to a few months depending on the keyspace you want to crack (case, symbols, number of characters, etc.). I'm not sure if we can post links to them but there are tons of them online. The password that you're thinking of should be pretty good but might be hard to remember.
 
For most applications and the one trying to break it isn't dead set, the phrase would probably be enough, unless it's a really common cliche. Trying to brute force a 20 letter phrase would take a very long time (1.34217728x10^35 possibilities). Someone would notice before they came anywhere near it.
 
That is a very different way of looking at pswds. My main ones are just 6-12 chrs long and a mix of upper and lower case including 1-5 numbers. It is hard to remember at first but now you can just feel it on the keyboard.
 
I won't have a problem remembering the passphrase, I'll probably run it through crack when I get home, see if it gets any hits.
 
I gave up on trying to remember passwords/phrases a long time ago. These days I just use keyboard patterns, like going up and down certain rows, or making spirals with the keys, etc. Depending where on the KB you start, you may end up with all kindsa characters, albeit pure gibberish.
 
A 20 character password with numbers, caps and symbols has 2932256630791119100000000000000000000000 different possibilities. That would take my computer 1700000000000000000000000 years.
 
As long as your phrase isn't something cliche or is mostly high-frequency words, and includes symbols and/or odd case (not title case, sentence case, upper case, lower case, etc) it should be fine.

Tips for Passphrases:
  • Just like passwords, it's more about the entropy than the complexity. p@55W0rD is pretty complex, but every password cracker out there is going to try it ;) Similarly, "Till Death Do Us Part" is so cliche that it's probably on every passphrase cracker's list. Something obscure like "Candycane hygene and you" (which I just came up with) probably would take a while to crack.
  • Even though entropy is better than complexity, complexity never hurts ;) Throwing in symbols, varying case, etc apply just as much to a passphrase as a password.
  • Remember that the easiest way to crack a passphrase is to treat it like one. Admittedly your attacker may not know you're using a passphrase, but why leave security up to that kind of hope?
    A passphrase that looks great from a password-cracking point of view (24 characters, upper and lower case, spaces) may not be so great against a real passphrase cracker. For instance, "Candycane hygiene and you" can be viewed either way:
    • 24 chars, mixed case, spaces: 53^24 = 2.4 x 10^41 possibilities
    • 4 words, one of 4 "normal" cases, separated by spaces, all words within top 5000 frequently used words: 15000^4 = 5.0 x 10^16 possibilities
      • This is roughly the same as an 8 character upper/lower/symbols password (which weighs in at 3.6 x 10^15 possibilities)

JigPu
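Added example, not part of any post in this thread: a small estimator that rates a passphrase under both views from the last post (character by character and word by word) and reports the weaker one. The 15000 choices per word and the 53-character pool are that post's figures; the 88-symbol pool is inferred from its 3.6 x 10^15 figure for 8 characters, and the function names and the one-entry phrase list are constructed for illustration.

```python
import math
import re
import string

# Constructed sample list; a real check would use a large list of known phrases.
KNOWN_PHRASES = {"till death do us part"}

def char_model_bits(phrase):
    """Keyspace in bits if the attacker guesses character by character."""
    pool = 0
    pool += 26 if any(c.islower() for c in phrase) else 0
    pool += 26 if any(c.isupper() for c in phrase) else 0
    pool += 10 if any(c.isdigit() for c in phrase) else 0
    pool += 1 if " " in phrase else 0
    pool += len(string.punctuation) if any(c in string.punctuation for c in phrase) else 0
    return len(phrase) * math.log2(pool) if pool else 0.0

def word_model_bits(phrase, choices_per_word=15000):
    """Keyspace in bits if the attacker guesses word by word."""
    # Split on anything that is not a letter, so punctuation used in
    # place of spaces does not hide the word boundaries.
    words = re.findall(r"[A-Za-z]+", phrase)
    if " ".join(w.lower() for w in words) in KNOWN_PHRASES:
        return 0.0  # a listed phrase falls to a lookup, not a search
    return len(words) * math.log2(choices_per_word)

def effective_bits(phrase, choices_per_word=15000):
    """Rate the phrase by the cheapest of the two attack models."""
    models = {"char": char_model_bits(phrase),
              "word": word_model_bits(phrase, choices_per_word)}
    weakest = min(models, key=models.get)
    return weakest, models[weakest]

def equivalent_random_length(bits, pool=88):
    """Length of a random password over `pool` symbols with the same keyspace."""
    return bits / math.log2(pool)

def words_needed(target_bits, choices_per_word=15000):
    """Words required for the word model to reach target_bits."""
    return math.ceil(target_bits / math.log2(choices_per_word))

if __name__ == "__main__":
    phrase = "Candycane hygene and you"  # 24-char spelling from the post
    model, bits = effective_bits(phrase)
    print(f"char model: {char_model_bits(phrase):.1f} bits")
    print(f"weakest model: {model}, {bits:.1f} bits")
    print(f"same as a random {equivalent_random_length(bits):.1f}-char password")
    print(f"words for 80 bits: {words_needed(80)}")
```

The word model cannot see boundaries when spaces are simply stripped out, so a run-together phrase is counted as one word here and needs a dictionary-based splitter to be rated properly.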
 