guide for a good password

[ard1998]

I know that linus is making a tutorial about how to make your passwords secure as possible. bit in this tutorial, i am giving you the answere _{if there are text faults, please send me an message. english is not my navite language.}

 

1. This is how you think it works

do you think one of the most important things for an strong password is that it has a lot of different cinds of characters, so the computer that is "guessing" your password has to try more things before your password is stolen. in the examples inder this line i have a few 8 character combinstions (random)

 

for the mathematicians, i'm using the formula (possilbe_key_combinations)^{Number_of_keys}

 

• only lowercase letters(26):

26⁸ = 208 827 064 576 possible options

• lowercase(26) and uppercase letters(26)

(26+26)⁸ = (52⁸) = 53 459 728 531 456

 

 

53459728531456 / 208827064576 = 256, so this password is 256 times as strong, right?

 

2. this is how it works

partly. how should an hacker know that your password only contains lowercase letters? not. for now, length is the key to an good password. an pasword cracking program begins with every 3 (number of letters of the shortest password possible, this number is an example) character password. this programs mostly begin with guessing a string of A's and then trying everything at the same way you can count to a big number, by increasing 1 character. so the mext password it guesses is AAB, AAC AAD (some guessses) AA0 AA1 AA2

 

an example:

 

https://www.quora.com/How-many-characters-are-represented-on-a-US-English-QWERTY-keyboard shows us that we have 95 characters for an password, so we are making a long password like Pancaces_are_awesome it contains 20 characters, so for the math, the minimum password length is 8 characters and we are calculating the best case cenario. just like above. with the technology of today

 

95²⁰ - 95⁸ =       3 584 859 224 085 422 343 574 097 770 245 150 000 000 (best case cenario)

95¹⁹- 95⁸ +1 = 37 735 360 253 530 761 511 299 727 947 786 718 751

 

a professional hacker uses his gpu to crack the password with 350 billion guesses per second (just read on the internet)

in the best case cenario we have:

3 584 859 224 085 422 343 574 097 770 245 150 000 000 / 350 000 000 000 = 10 242 454 925 958 349 553 068 850 772 seconds

10 242 454 925 958 349 553 068 850 772 / 60 / 60 / 24 = 118 546 932 013 406 823 530 889 days

 

in the worst case cenario we have

37 735 360 253 530 761 511 299 727 947 786 718 751 / 350 000 000 000 = 107 815 315 010 087 890 032 284 936 seconds

107 815 315 010 087 890 032 284 936 / 60 / 60 / 24 = 1 247 862 442 246 387 616 114 days

 

3. hint for an good password

• is you are making a long password, you can make a easy to remember password with underscores and a few special characters (for the case that the hacker try's all cinds of possible words. for example: th!s_is_@n_verry_s@fe_pa$$word . You can do this with the following 2 step plan.

1. make an normal password (pass sentense) with underscores
2. make a few rules to remenber. in the example above i have 3 rules "all a = @", "first i = !" and "in the last word all s = $" (these rules are your own decryption keys of your passord, others can know the sentense, not recommended, as long as you are the only one who knows the rules to make an password out of the sentense.)

• be sure at least one of the first 5 and last 5 characters is not an letter.(just for extra safety)

 

if there are faults in this guide, please tell me and i will repair them

[DXMember]

just a heads up - 350 billion guesses per second was achieved in 2012 with Radeon 7990 GPU cluster

 

 

another great tip is to include characters from different keyboard layouts - different languages and non printable characters with some random Unicode

[Flavortown2k16]

so ÄnälCh33se4Lyf Is good pass?

[ard1998]

9 minutes ago, DXMember said:

another great tip is to include characters from different keyboard layouts - different languages and non printable characters with some random Unicode

i haven't include them because of simplicity. if i should calculate with all exiting Unicodes and things that we dont have in our unicodes. calculating this should be verry difficult. also most peaple don't want to switch unicodes to enter their passwords.

 

9 minutes ago, DXMember said:

just a heads up - 350 billion guesses per second was achieved in 2012 with Radeon 7990 GPU cluster

 

i know that, but becouse of i have used less posible options, becouse of the reasen above. hackers should calulate them but for simplicety, i had to exclude them.

 

1 minute ago, Flavortown2k16 said:

so ÄnälCh33se4Lyf Is good pass?

before you telled it it was an good password. but now it's on the internet it isn't safe anymore

[arnavvr]

If you have the money, password managers like LastPass and 1Password are good options and always enable 2FA on accounts.

[DXMember]

1 hour ago, ard1998 said:

i haven't include them because of simplicity. if i should calculate with all exiting Unicodes and things that we dont have in our unicodes. calculating this should be verry difficult. also most peaple don't want to switch unicodes to enter their passwords

well either way just don't use dictionary words and go above 12 characters, then you're quite OK

although that dude with 7990 GPU cluster that was cracking 350 bil passwords a second - he said that any Windows passwords is brute forced in about 6 hours...

[MatthewsTech]

Helpful guide, great reminder for some people who especially re-use passwords! First hand experience of a weak password being found and accessing all types of accounts has caused issues in the past.

 

Thanks for posting, especially for the newer tech generation!