Learn about password strength

xrobwx71 · Feb 25, 2022

This will show you all the possible combinations of a password.

GRC's | Password Haystacks: How Well Hidden is Your Needle?

The following is a direct quote from the site:

IMPORTANT!!! What this calculator is NOT . . .

It is NOT a “Password Strength Meter.”

Since it could be easily confusing for one, it is very important for you to understand what it is, and what it isn't:

The #1 most commonly used password is “123456”, and the 4th most common is “Password.” So any password attacker and cracker would try those two passwords immediately. Yet the Search Space Calculator above shows the time to search for those two passwords online (assuming a very fast online rate of 1,000 guesses per second) as 18.52 minutes and 17.33 centuries respectively! If “123456” is the first password that's guessed, that wouldn't take 18.52 minutes. And no password cracker would wait 17.33 centuries before checking to see whether “Password” is the magic phrase.

Okay. So what IS the “Search Space Calculator”?

This calculator is designed to help users understand how many passwords can be created from different combinations of character sets (lowercase only, mixed case, with or without digits and special characters, etc.) and password lengths. The calculator then puts the resulting large numbers (with lots of digits or large powers of ten) into a real-world context of the time that would be required (assuming differing search speeds) to exhaustively search every password up through that length, assuming the use of the chosen alphabet.

Rich (BB code):

Gibson Research Corporation is owned and operated by Steve Gibson.  The contents
of this page are Copyright (c) 2022 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy

britechguy · Feb 25, 2022

One of the things stated on this page, that needs to be stated again and again and again:
Once an exhaustive password search begins, the most important factor is password length!

I have posted my own tutorial, The Portmanteau Method of Creating Passwords, on multiple sites, including this one, on multiple occasions. Having a password, a pass phrase really, in excess of 10 characters that is meaningful to you, but virtually no one else could possibly guess, is a far better protection than a random collection of characters you simply cannot possibly remember.

If your portmanteau were something like Admiral1410aSysnative*, where you'd substitute something site specific and meaningful to you for "Sysnative" in the example, good luck to anyone trying to guess it, let alone use brute force methods to crack it. If you want to be really anal retentive, switch up the ordering of the fixed portions of your portmanteau based on something directly related to the site in question (e.g. starts with A-K versus starts with L-Z).

It is possible to create very, very strong passwords that are very easy for the person typing them to use, but next to impossible for someone who does not know you incredibly well (and if you pick the fixed parts correctly, that could easily include fooling your spouse) to ever guess.

It's always wise to use a password manager to back up your memory as well.

Search

Search

Learn about password strength

xrobwx71

Administrator

britechguy

Well-known member