1. ## Password Security Question

Is there some kind of tutorial or paper written on the relative strength of passwords based on types and numbers of certain characters employed? For instance, my root password is 28 characters long. 4 of the characters are special characters, 3 are numbers, 3 are upper-cased letters, and 18 of them are lower-cased. How can I tell how strong that particular password is?

Thanks,

Cheers

2. ## Re:Password Security Question

wow! you&#039;re doing way better than i am. my root password is 8 characters.

Try downloading &quot;John The Ripper&quot; and try to crack your own password. I&#039;m not sure if any other program that&#039;d tell you how &quot;strong&quot; your pasword is. The best way to check IMO is to attempt to crack it.

3. ## Re:Password Security Question

I was actually surprised at how well john the ripper works. I mean for dictionary I knew it was fast, but for say a alphanumeric 7 letter password? It only took me like 2 weeks. It wasn&#039;t a bad password except for being so short, and all the same case, and no special characters.

4. ## Re:Password Security Question

Is there some kind of tutorial or paper written on the relative strength of passwords based on types and numbers of certain characters employed? For instance, my root password is 28 characters long. 4 of the characters are special characters, 3 are numbers, 3 are upper-cased letters, and 18 of them are lower-cased. How can I tell how strong that particular password is?

Thanks,

Cheers
[/quote]

I don&#039;t have the link off hand, but I remember reading a paper that talked about how password longer than 12 or so letters suffered from diminishing returns.

But imagine that the password is case sensitive, then you have

lower-case letters = 26
upper-case letters = 26
numbers = 10
special characters = say, just 10 !@\$%^&amp;*()

26+26+10+10 = 72 possible characters.

Now imaging that the password is actually a base-72 number, then a 28-digit password would have 72^28=1e+52 possible permutations. That&#039;s a whole lot. A brute-force attack would require several thousand years to crack that, assuming it could try trillions every second.

5. ## Re:Password Security Question

I&#039;ll give John a try. Sounds like it could be fun to see how long it takes to crack.

t048 - so a password that is longer than 12 characters is not inherently stronger than a 12 character password. Interesting. I&#039;m not really certain why I chose a 28 character password, I guess it just seemed like the thing to do at the time.

Thanks

Cheers

6. ## Re:Password Security Question

I use sentences with numbers thrown in, I doubt I know how strong they are. Speaking of John the Ripper, what about good ol crack?

7. ## Re:Password Security Question

I always like diceware for picking passwords. The faq&#039;s got a good bit about what makes a good password, such as length, special characters, etc.

8. ## Re:Password Security Question

Password security can be a double edged sword. Making passwords that are hard to guess by virtue of being esoteric also makes them hard to remember. Then it gets tempting to write them down.

#### Posting Permissions

• You may not post new threads
• You may not post replies
• You may not post attachments
• You may not edit your posts
•