• Welcome to Autism Forums, a friendly forum to discuss Aspergers Syndrome, Autism, High Functioning Autism and related conditions.

    Your voice is missing! You will need to register to get access to the following site features:
    • Reply to discussions and create your own threads.
    • Our modern chat room. No add-ons or extensions required, just login and start chatting!
    • Private Member only forums for more serious discussions that you may wish to not have guests or search engines access to.
    • Your very own blog. Write about anything you like on your own individual blog.

    We hope to see you as a part of our community soon! Please also check us out @ https://www.twitter.com/aspiescentral

Password Strength?

B

BruceCM

Well-Known Member
Is a 9 character mixture of letters & numbers really stronger than a 14 digit number? Bearing in mind that nobody knew it was only numbers, I don't see how that works. Anybody?
 
That sentence did some strange auto correct. I put together a 14 character... using this page
 
According to that site, it'd take a desktop pc 1000 years to crack my old password & only about 1 year for the new one! So, this 'theory' that a mixture of numbers & letters is any better (since nobody knows whether you're doing that or not) is blatantly disproved.
 
I always figure that knowledge of stuff like "only numbers" or "case sensitive" is possible to acquire from outside sources, and not only by attempting to crack said password. But that's a really big variable x-factor which you couldn't really start to account for when calculating the risk of password theft/loss/cracking.

But that might just as well be the same as an insecure database, which might (just hang with me on this one) be easier to crack then the an individual account.

It's also said that one pc needed a thousand years to crack a single password. But since everyone has a pc nowadays... and hacking/cracking networks are pretty big, I doubt there's only 1 pc around. They could divide work. I mean, even if it's 10000 users in a network that really, really, really want to obtain your password, and take in account they all just have one pc, it would take 36,5 days or so. And it's probably just a background process even. Those apps might even run in multiples on a single machine.

As for the posibilities, 14 digits (where one would not be aware of that) would be a bigger change to hit. Even just with no difference in lower/uppercase, it's still 5 times 36 (26 letters + 10 digits), the amount extra... if I'm correct. However, like I said... who says, one can't obtain the information which states what kind of characters are allowed? It would decrease the time to crack the code significantly.

I'm not trying to get all hard and difficult, but I don't believe any information is safe and even less in a digital enviroment. Just look beyond the (password)box.
 
For trying to 'break' an individual password, I thought you didn't get an infinite number of tries, though? If somebody wanted to get into my accounts that badly, they'd be better off breaking into my room & stealing the laptop! Nobody knew my previous password was 'just' numbers, really. How secure is, say, yahoo, if your 'crack team' really wanted to get into their database? Then, they'd get all the passwords, etc!
 
BruceCM said:
Is a 9 character mixture of letters & numbers really stronger than a 14 digit number? Bearing in mind that nobody knew it was only numbers, I don't see how that works. Anybody?
Click to expand...

I think that would depend. If the 14 character mixture didn't spell out an actual word and was arbitrary characters it would probably be just as strong, if not stronger, than the 9 character mixture of letters, numbers and special characters.

Here's the type of password I typically use:

MAJvbr@c%5fF787Y60k5*5YTB9X*%Y

Region_8_.png


I always use 30 characters (when sites allow you to use up to that many characters) and always include lots of special characters, lower and upper-case letters, and numbers in my passwords. It would be trivial to even bother trying to figure out the password of someone who uses passwords that strong.
 
Last edited:
Do tell me how anybody is going to know whether my password is an actual word or not, please? Given they don't, I really do not see how it makes any difference, sorry!
 
BruceCM said:
Do tell me how anybody is going to know whether my password is an actual word or not, please?
Click to expand...

A dictionary attack could allow someone to know whether your password is an actual word or not.

A dictionary attack uses a targeted technique of successively trying all the words in an exhaustive list called a dictionary (from a pre-arranged list of values). In contrast with a brute force attack, where a large proportion key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words for example a dictionary (hence the phrase dictionary attack) or a bible etc. Generally, dictionary attacks succeed because many people have a tendency to choose passwords which are short (7 characters or fewer), single words found in dictionaries or simple, easily-predicted variations on words, such as appending a digit.
Click to expand...
 
Then the previous 14 digit number was better! A dictionary attack wouldn't have got that. It's sites that insist on a mixture of characters & numbers.
 
You must log in or register to reply here.

New Threads

Top Bottom