Everything, Everything

2024: January February March
2023: J F M A M J J A S O N D
2022: J F M A M J J A S O N D
2021: J F M A M J J A S O N D
2020: J F M A M J J A S O N D
2019: J F M A M J J A S O N D
2018: J F M A M J J A S O N D
2017: J F M A M J J A S O N D
2016: J F M A M J J A S O N D
2015: J F M A M J J A S O N D
2014: J F M A M J J A S O N D
2013: J F M A M J J A S O N D
2012: J F M A M J J A S O N D
2011: J F M A M J J A S O N D
2010: J F M A M J J A S O N D
2009: J F M A M J J A S O N D
2008: J F M A M J J A S O N D
2007: J F M A M J J A S O N D
2006: J F M A M J J A S O N D
2005: J F M A M J J A S O N D
2004: J F M A M J J A S O N D
Size Matters
Tuesday 25th July, 2006 16:54 Comments: 0
Or more specifically, length. Lots of people talk about complexity being incredibly important when it comes to passwords. It's definitely useful, and makes life harder for those naughty people that want to obtain your passwords, but length can make it a lot harder if you\'re going for a brute force approach. There's been a nice discussion on a mailing list, but I\'ll just steal the interesting mathematical part.

The possible combinations of 6 character passwords using only lowercase letters of the alphabet are

26^6 = 308915776

The possible combination of 16 character passwords using only lowercase letters are:

26^16 = 43608742899428874059776

The possible combinations of 6 character passwords using a-zA-Z0-9 and your favorite 32 punctuation:

95^6 = 735091890625

You can see, in n^k, increasing k means increasing the outcome much faster than increasing n. Increasing the possible combinations means increasing the time to discover the password through pure brute force methods.

Once humans are introduced, it becomes more complicated than this.


That final sentence is true, especially if you use a dictionary, as the simplest way to remember a 16 character password would be some form of sentence made up of real words (e.g. thisismypassword). Having said that, I regularly use fairly random passwords that are 10 and 11 characters long that I can remember (and haven\'t written down under my keyboard), so it's not impossible.
© Robert Nicholls 2002-2024
The views and opinions expressed on this site do not represent the views of my employer.
HTML5 / CSS3