- Sep 17, 2013
- 1,492
Password cracking system can check 33.1 billion password/sec using four HD 5970 graphics cards.
Suppose they build a sytem which can check 100 billion password/sec. That would be 10 ^ 11 password/sec.
Suppose they dedicate 100 years for cracking a password.
Suppose they use 10 billion such systems working togeteher to crack a password.
Then using 10 billion computers at speed of 100 billion password/sec and working for 100 years they will be able to generate 3.1536 x 10^30 password hash.
To make it future proof if we assume that single computer gets 1 million times more powerful in near future, crackers will be able to generate not more than 3.1536 x 10^36 password hash.
If you use following character set in password
Total possible password with 19 charaters = 3.086 x 10^37
So password length of 19 should be safe enough from being brute force cracked.
My suggestion is that you must use password length of atleast 20 characters using all the four character sets.
If you use only lowercase alphabets then you must use atleast 30 character passwords to make it secure from cracking.
If you mix lowercase alphabet and numbers then you must use atleast 25 character password.
Using all four character sets and 100 character password length these is 2.0548747705235988e+197 possible passwords. Above mentioned system will take 6.515965 x 10^158 years to crack it.
That would be 651.5965 thousand quinquagintillion years.
Suppose they build a sytem which can check 100 billion password/sec. That would be 10 ^ 11 password/sec.
Suppose they dedicate 100 years for cracking a password.
Suppose they use 10 billion such systems working togeteher to crack a password.
Then using 10 billion computers at speed of 100 billion password/sec and working for 100 years they will be able to generate 3.1536 x 10^30 password hash.
To make it future proof if we assume that single computer gets 1 million times more powerful in near future, crackers will be able to generate not more than 3.1536 x 10^36 password hash.
If you use following character set in password
- 0123456789
- abcdefghijklmnopqrstuvwxyz
- ABCDEFGHIJKLMNOPQRSTUVWXYZ
- !@#$%^&*()`~-_=+\|[]{};:'",.<>/?
Total possible password with 19 charaters = 3.086 x 10^37
So password length of 19 should be safe enough from being brute force cracked.
My suggestion is that you must use password length of atleast 20 characters using all the four character sets.
If you use only lowercase alphabets then you must use atleast 30 character passwords to make it secure from cracking.
If you mix lowercase alphabet and numbers then you must use atleast 25 character password.
Using all four character sets and 100 character password length these is 2.0548747705235988e+197 possible passwords. Above mentioned system will take 6.515965 x 10^158 years to crack it.
That would be 651.5965 thousand quinquagintillion years.
