I does not appear to look at dictionary attacks. By the way the above site looks like a great way to build a huge dictionary of passwords. Also evaluate P@$$w0rd probably in the first 50 guesses of any 15 year old with IT knowledge.
I does not appear to look at dictionary attacks. By the way the above site looks like a great way to build a huge dictionary of passwords. Also evaluate P@$$w0rd probably in the first 50 guesses of any 15 year old with IT knowledge.
I'm impressed. Mine came in as:
GRC's Interactive Brute Force Password “Search Space” Calculator
(NOTHING you do here ever leaves your browser. What happens here, stays here.)
Enter and edit your test passwords in the field above while viewing the analysis below.
3 Uppercase
6 Lowercase
2 Digits
1 Symbol
12 Characters
Brute Force Search Space Analysis:
Time Required to Exhaustively Search this Password's Space:
Search Space Depth (Alphabet): 26+26+10+33 = 95 Search Space Length (Characters): 12 characters Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length)546,108,
599,233,516,079,517,120Search Space Size (as a power of 10): 5.46 x 1023
Note that typical attacks will be online password guessing
Online Attack Scenario:
(Assuming one thousand guesses per second)1.74 hundred billion centuries Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)1.74 thousand centuries Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)1.74 centuries
limited to, at most, a few hundred guesses per second.
Hmmm seems a few of mine were a bit weak, easy to crack, so have just updated them. I typed in similar types of passwords and not ones in use then used the information to strengthen mine. Ones for important places are longer for obvious reasons.
Here is the result:-
Brute Force Search Space Analysis:
Time Required to Exhaustively Search this Password's Space:
Search Space Depth (Alphabet): 26+26+10+33 = 95 Search Space Length (Characters): 19 characters Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length)38,
136,800,256,227,897,272,
064,940,472,866,626,495Search Space Size (as a power of 10): 3.81 x 1037
Online Attack Scenario:
(Assuming one thousand guesses per second)12.13 trillion trillion centuries Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)1.21 hundred thousand trillion centuries Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)1.21 hundred trillion centuries
Hmmmt hat should about do methinks
Last edited by Brithunter; 07-09-2014 at 05:19 AM.
Neither a borrower nor a lender be;
For loan oft loses both itself and friend,
And borrowing dulls the edge of husbandry.
This above all: to thine ownself be true
I just found this thread. Very interesting. While I don't choose easy passwords, I do use the same one for any site that is of no consequence if hacked. Such as Cast Boolits. I try to use unique passwords for critical sites(bank accounts, credit card accounts, brokerage accounts, etc.) and change them occasionally.
I haven't gone to the referenced site yet but will and will probably change many of my passwords.
I am curious if anyone has a comment about my passwords for sites than have no financial consequences.
John
W.TN
I just changed the passwords on several sites that would have financial impact if hacked. One of them limited the length to 12 characters. Another was not case sensitive. The first had no impact on security and the second(comparison below) appeared to me to be significant.
Time Required to Exhaustively Search this Password's Space:
Search Space Depth (Alphabet): 26+10+33 = 69 Search Space Length (Characters): 10 characters Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length)2,
482,167,502,723,212,150Search Space Size (as a power of 10): 2.48 x 1018
Online Attack Scenario:
(Assuming one thousand guesses per second)7.89 hundred thousand centuries Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)9.47 months Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)6.89 hours
Time Required to Exhaustively Search this Password's Space:
Search Space Depth (Alphabet): 26+26+10+33 = 95 Search Space Length (Characters): 10 characters Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length)60,
510,648,114,517,017,120Search Space Size (as a power of 10): 6.05 x 1019
Online Attack Scenario:
(Assuming one thousand guesses per second)19.24 million centuries Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)19.24 years Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)1.00 weeks
On the site that didn't recognize alpha case differences, I didn't change the password. I probably will at some later time. Also my passwords are not memorable. I have to write them down. It is somewhat inconvenient if I need a password while away from home, but I accept that. An intruder might possible find my list but he would have to stay in the house much longer than would be comfortable,
John
W.TN
I like this one:
Tea42AndILoveYou!
Brute Force Search Space Analysis:
Time Required to Exhaustively Search this Password's Space:
Search Space Depth (Alphabet): 26+26+10+33 = 95 Search Space Length (Characters): 17 characters Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length)4,225,684,238,917,218,
534,300,824,429,126,495Search Space Size (as a power of 10): 4.23 x 1033
Online Attack Scenario:
(Assuming one thousand guesses per second)1.34 billion trillion centuries Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)13.44 trillion centuries Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)13.44 billion centuries
Blacksmith
S. G. G. = Sons of the Greatest Generation. Too old to run, too proud to hide; we will stand our ground and take as many as we can with us!
I should be in purdy fair shape.
Brute Force Search Space Analysis:
Time Required to Exhaustively Search this Password's Space:
Search Space Depth (Alphabet): 26+10+33 = 69 Search Space Length (Characters): 11 characters Exact Search Space Size (Count):
(count of all possible passwords
with this alphabet size and up
to this password's length)171,
269,557,687,901,638,419Search Space Size (as a power of 10): 1.71 x 1020
Online Attack Scenario:
(Assuming one thousand guesses per second)54.46 million centuries Offline Fast Attack Scenario:
(Assuming one hundred billion guesses per second)54.46 years Massive Cracking Array Scenario:
(Assuming one hundred trillion guesses per second)2.83 weeks
Seven Characters and a Capital works for me
DocSleepyGrumpyBashfulHappyDopeySneezyLansing
Kevin
Why don't you knock it off with them negative waves? Why don't you dig how beautiful it is out here? Why don't you say something righteous and hopeful for a change? (Sgt. Oddball, KELLY'S HEROES)
__________________________________________________ __________________________________________________ _____________________________
my feedback thread
http://castboolits.gunloads.com/show...raight-shooter
I would hope that no one is posting actual passwords that they intend to use.
John
W.TN
For those who have a lot of passwords, I recommend LastPass. It keeps track of all of your passwords. I don't even know my passwords as they are randomly generated by LastPass. The Chrome extension auto fills the passwords. There is also an app for iOS and Android.
By default it generates passwords that are 12 characters and contain uppercase, lowercase, and numbers. It says that a randomly generated password would take 1.04bil centuries to crack using the online fast method. Good enough for me.
I keep a backup encrypted spreadsheet just in case something ever happens to LastPass.
As the website says, there are two types of password strength. One is the complexity and the other is the dictionary strength. By using a string of characters that is not a word you increase the dictionary strength considerably. The string need not be very long. Something like zpKx or the a letter from the name of some family members with a mix of upper and lower case would seriously increase the dictionary strength.
You can test your password on the OP's link by entering a different combination of characters that has the same quantity of upper case, lower case, punctuation and numeric characters as your actual password. The results will be the same in the test.
David
Sometimes life taps you on the shoulder and reminds you it's a one way street. Jim Morris
BP | Bronze Point | IMR | Improved Military Rifle | PTD | Pointed |
BR | Bench Rest | M | Magnum | RN | Round Nose |
BT | Boat Tail | PL | Power-Lokt | SP | Soft Point |
C | Compressed Charge | PR | Primer | SPCL | Soft Point "Core-Lokt" |
HP | Hollow Point | PSPCL | Pointed Soft Point "Core Lokt" | C.O.L. | Cartridge Overall Length |
PSP | Pointed Soft Point | Spz | Spitzer Point | SBT | Spitzer Boat Tail |
LRN | Lead Round Nose | LWC | Lead Wad Cutter | LSWC | Lead Semi Wad Cutter |
GC | Gas Check |