
Acceptable Pseudo Password Length?

Solved by vanished.

Hi, so I just watched the AFAP video on passwords, and I came to the part of the video where it said 12 character passwords instead of 8 character passwords can take thousands of years to guess. My follow-up question to this would be: what would the acceptable minimum pseudo password length be?

https://linustechtips.com/topic/627088-acceptable-pseudo-password-length/

That depends on how much you don't want someone breaking it.  It also depends on the allowed characters.  If it can be lower or upper case letters, numbers, special characters, etc. each additional character will add a lot more security than if it only allows numbers, for example.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


3 hours ago, Ryan_Vickers said:

That depends on how much you don't want someone breaking it.  It also depends on the allowed characters.  If it can be lower or upper case letters, numbers, special characters, etc. each additional character will add a lot more security than if it only allows numbers, for example.

Right. I mean then what would be the general acceptable starting amount since 8 doesn't cut it?


1 minute ago, IAmLamp said:

Right. I mean then what would be the general acceptable starting amount since 8 doesn't cut it?

Well if there was, it would be nice to see more places enforce it.  The thing is, not only is the minimum often 6 characters or so on most sites, or 8 if you're lucky, but on some sites 8 is the maximum xD 

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.


8 with numbers, letters, and symbols is typically pretty secure.

An example being

safe
gg91!2Ck&

not safe
pooppoop

Sergeant, United States Marine Corps

Network Administrator, Comptia A+, Security+, Cisco Certified Networking Associate

From a G3258 to dual Xeon E5-2670's


3 hours ago, Jacktastic-Mofo said:

8 with numbers, letters, and symbols is typically pretty secure.

An example being

safe
gg91!2Ck&

not safe
pooppoop

8 could be cracked in a couple of days though according to Linus, I'm aiming for something that would say "This is not worth the hacker's/hackers' time to even attempt this" 


2 minutes ago, IAmLamp said:

8 could be cracked in a couple of days though according to Linus, I'm aiming for something that would say "This is not worth the hacker's/hackers' time to even attempt this" 

That example password I gave you would take four weeks according to https://howsecureismypassword.net/ which is a pretty good source.

screenshot-howsecureismypassword.net 2016-07-15 17-02-47.png

Sergeant, United States Marine Corps

Network Administrator, Comptia A+, Security+, Cisco Certified Networking Associate

From a G3258 to dual Xeon E5-2670's


1 minute ago, IAmLamp said:

Your point? 

That's long enough that it wouldn't be worth a hacker's time. Just create a random 12 character password if you want something longer?

Here's an example of a 12 character password with numbers, letters, and special characters.
screenshot-howsecureismypassword.net 2016-07-15 17-02-47.png

Sergeant, United States Marine Corps

Network Administrator, Comptia A+, Security+, Cisco Certified Networking Associate

From a G3258 to dual Xeon E5-2670's


3 hours ago, Jacktastic-Mofo said:

That's long enough that it wouldn't be worth a hacker's time. Just create a random 12 character password if you want something longer?

Here's an example of a 12 character password with numbers, letters, and special characters.
screenshot-howsecureismypassword.net 2016-07-15 17-02-47.png

Wrong. It could be worth hacker's/hackers' time. Think about it. I don't understand why you've shown me that picture, I didn't say I had a problem with 12 character pseudo passwords. 


There's an easy way to figure this out.

First, how many unique characters are allowed in each "digit"? If it only allows numbers, that's 10. If it's lower case and upper case letters, and numbers, that's 26 + 26 + 10, or 62. If it also allows special characters, add those as well.

Then, what is the range of password lengths allowed? If there is no minimum, we start at 1 character, but let's say 6 just for the sake of things.

Now how long is yours? 10 characters? If you want to check all possible passwords use the maximum allowed length, but if you only worry about your own, use your length.

Now, where chars is that number we got first (maybe 62?), min is the minimum length (6?) and max is the maximum length (10?), this is the equation for the number of combinations:

Capture.PNG

Using the numbers I mentioned, we get 853058370935030464. If you can check 1 billion combinations per second, that's about 27 years to crack :P If you have better hardware though, this number could come down.

Solve your own audio issues  |  First Steps with RPi 3  |  Humidity & Condensation  |  Sleep & Hibernation  |  Overclocking RAM  |  Making Backups  |  Displays  |  4K / 8K / 16K / etc.  |  Do I need 80+ Platinum?

If you can read this you're using the wrong theme.  You can change it at the bottom.

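An added example, not part of the thread or any poster's own code: the equation image in the post above did not survive, but summing chars^n over every length from min to max reproduces the figure quoted there. The function names, the Julian-year constant, the 95-character alphabet and the 1,000-year target are assumptions made for illustration; the example also goes one step further and inverts the calculation to find the length needed for a chosen time budget.

```python
# Added example (not from the thread): brute-force keyspace arithmetic.
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # Julian year, an assumption of this example


def keyspace(chars: int, min_len: int, max_len: int) -> int:
    """Count every candidate password whose length is min_len..max_len."""
    if chars < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("need chars >= 1 and 1 <= min_len <= max_len")
    # One term per allowed length: chars**n strings of exactly n characters.
    return sum(chars ** n for n in range(min_len, max_len + 1))


def years_to_exhaust(chars, min_len, max_len, guesses_per_second):
    """Worst case: the attacker has to try every candidate."""
    return keyspace(chars, min_len, max_len) / guesses_per_second / SECONDS_PER_YEAR


def min_length_for(chars, target_years, guesses_per_second, min_len=1):
    """Shortest maximum length whose keyspace lasts at least target_years."""
    if chars < 2 or min_len < 1:
        raise ValueError("need chars >= 2 and min_len >= 1")
    needed = math.ceil(target_years * SECONDS_PER_YEAR * guesses_per_second)
    total, length = 0, min_len
    while True:
        total += chars ** length
        if total >= needed:
            return length
        length += 1


if __name__ == "__main__":
    # Figures from the post: 62 characters, lengths 6..10, 1 billion guesses/s.
    print(keyspace(62, 6, 10))
    print(round(years_to_exhaust(62, 6, 10, 1e9), 1))
    # Hypothetical target of 1,000 years at the same rate, per alphabet size
    # (95 = printable ASCII, an assumption; the post does not fix a symbol count).
    for label, chars in (("digits", 10), ("letters+digits", 62), ("printable ASCII", 95)):
        print(label, min_length_for(chars, 1000, 1e9, min_len=6))
```

These figures only hold when every character is chosen uniformly at random and the attacker has to walk the whole keyspace; a password built from dictionary words falls to a wordlist long before exhaustive search reaches it.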

10 if you use a symbol ($ etc) and a number, 11 if just a number, 12+ if just letters (all of these take more than a year brute force)

https://linustechtips.com/main/topic/631048-psu-tier-list-updated/ Tier Breakdown (My understanding)--1 Godly, 2 Great, 3 Good, 4 Average, 5 Meh, 6 Bad, 7 Awful

 
