Secure Passwords
The interrelation between password length and brute-force attacks
Brute-force attacks are attempts by a computer program to break the password of another program by trying out all possible combinations of letters and numbers. It follows that the length of a password is of decisive importance for the security of the data.
As of April 2007, the fastest single PC could generate approximately 75,000,000 keys (in words: 75 million) per second when attacking a password that consists of only six lower-case letters.
For a password consisting of six lower-case letters, 308,915,776 (in words: 308 million) different letter combinations are mathematically possible, so such a computer would need only 4 seconds to try out all the combinations.
According to this example, the mathematical rule for the calculation of the possible combinations is as follows:
Combinations = 26^6
             = 26 * 26 * 26 * 26 * 26 * 26
             = 308 915 776
Time         = 308 915 776 / 75 000 000 keys/sec
             = 4.1 seconds
If you increase the length of the password to 7 characters, you will obtain the following:
Combinations = 26^7
             = 26 * 26 * 26 * 26 * 26 * 26 * 26
             = 8 031 810 176
Time         = 8 031 810 176 / 75 000 000 keys/sec
             = 107 seconds
             = 1 minute 47 seconds
If you increase the length of the password to 8 characters, you will obtain the following:
Combinations = 26^8
             = 26 * 26 * 26 * 26 * 26 * 26 * 26 * 26
             = 208 827 064 576
Time         = 208 827 064 576 / 75 000 000 keys/sec
             = 2784 seconds
             = 48 minutes
ProtectStar R&D recommends that users choose a password that meets the following requirements:
Password length:
- at least 10 characters (optimal: 12 characters)

Characters to be used:
- Upper case letters (A, B, C, ... Z)
- Lower case letters (a, b, c, ... z)
- Numbers (1, 2, 3, ... 9)
- Special characters (*, #, =, ... +)
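The calculation above, generalised to any alphabet size and password length, as an added example that is not part of the original page. The digit and special-character set sizes (10 and 32, taken from Python's string.digits and string.punctuation), the sample passwords and the 100-year target are assumptions; the rate of 75,000,000 keys/sec is the page's April 2007 figure.

```python
import string

RATE_2007 = 75_000_000  # keys/second, the page's April 2007 single-PC figure

# Character classes from the recommendation. The sizes of the digit and
# special-character sets are assumptions (0-9 and ASCII punctuation).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "special": string.punctuation,
}

def alphabet_size(password):
    """Size of the smallest class-based alphabet that covers the password.
    Characters outside the four classes (spaces, non-ASCII) are ignored."""
    size = 0
    for chars in CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    return size

def keyspace(alphabet, length):
    """Number of possible passwords of exactly this length."""
    return alphabet ** length

def exhaust_seconds(alphabet, length, rate=RATE_2007):
    """Worst-case time to try every combination of exactly this length."""
    return keyspace(alphabet, length) / rate

def min_length(alphabet, target_seconds, rate=RATE_2007):
    """Shortest length whose full keyspace takes at least target_seconds."""
    length = 1
    while exhaust_seconds(alphabet, length, rate) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    year = 365 * 24 * 3600
    # Constructed sample passwords, for illustration only.
    for pw in ("secret", "secrets", "password", "Tr4!nStat10n"):
        a, n = alphabet_size(pw), len(pw)
        secs = exhaust_seconds(a, n)
        print(f"{pw!r:16} alphabet={a:2} length={n:2} "
              f"keyspace={keyspace(a, n):.3e} worst case={secs:.3e} s "
              f"({secs / year:.2e} years)")
    print("lower-case only, 100 years:", min_length(26, 100 * year), "characters")
    print("all four classes, 100 years:", min_length(94, 100 * year), "characters")
```

These figures are worst-case times for an exhaustive search at the 2007 rate; on average the password is found after half the keyspace, and a faster attacker shortens every figure proportionally.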


