From bc94ea9faca37e038bebb38ee2a0fd95c1728ab8 Mon Sep 17 00:00:00 2001 From: Jan Vales Date: Sat, 3 May 2014 22:28:55 +0200 Subject: [PATCH] added 6-digit passwords --- report1/content.tex | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/report1/content.tex b/report1/content.tex index 2e57860..c4a7624 100644 --- a/report1/content.tex +++ b/report1/content.tex @@ -53,6 +53,7 @@ f14a5968e96f12102a9e6c44d7736c4ebc703881db0fe18797446db0db4f9a3e} On my machine/setup I can probe for 18 passwords per second.\\ \subsection{How much time is needed for brute forcing different password lengths and character sets?} +\subsubsection{using a 4-digit-password} Numeric passwords have only 10 possible states with one digit.\\ With a 4 digit password it would take at max (10**4) 10000 operations or 555 seconds (or 9.2 minutes) to bruteforce such a password.\\ If we add lowercase characters, we get 36 possible states with one digit.\\ @@ -62,12 +63,22 @@ With a 4 digit password it would take at max (62**4) 14776336 operations or 8209 We can add non-alphanumeric characters to get even more possible states with one digit.\\ +\subsubsection{using a 6-digit-password} +Numeric passwords have only 10 possible states with one digit.\\ +With a 6 digit password it would take at max (10**6) 1000000 operations or 55555 seconds (or 15.43 hours) to bruteforce such a password.\\ +If we add lowercase characters, we get 36 possible states with one digit.\\ +With a 6 digit password it would take at max (36**6) 2176782336 operations or 120932352 seconds (or 3.83 years) to bruteforce such a password.\\ +If we add uppercase letters, we get 62 possible states with one digit.\\ +With a 6 digit password it would take at max (62**6) 56800235584 operations or 3155568643 seconds (or 99.99 years) to bruteforce such a password.\\ +We can add non-alphanumeric characters to get even more possible states with one digit.\\ + + \subsection{What is the minimum password length and complexity for having a secure container for at least 10 years? (You may assume constant computing power)} 10 years have 315576000 seconds. If we assume that we can probe 18 passwords per second (in my setup), we need a password that needs at least 5680368000 operations to bruteforce to get a secure container for 10 years.\\ This would be a numeric password with 10 digits, an alphanumeric password with 7 digits, an mixedcase alphanumeric password with 6 digits.\\ Using non-alphanumeric characters will decrease the min-required-digits-on-my-setup even further.\\ -But as one can assume that professional bruteforcing involves distributed GPU or ASIC powered cracking a password should be way longer than that in order to be safe from evil guys like the NSA. +But as one can assume that professional bruteforcing involves distributed GPU or ASIC powered cracking, a password should be way longer than that in order to be safe from evil guys like the NSA. -- 2.43.0