Reputation: 2660
Does knowing password structure and length speed up the cracking process?
Let's say I have a strong or semi-strong password (such as YankeesWillWin1903$).
And via a generic hash function (MD5 in this example), is transformed into this for database storage (55eeaadeb829cedb2a18fe5f477cc4ec).
In addition, let's assume that a hacker knows that my password is composed of the following information, in order:
1. 14 letters
2. 4 numbers
3. A symbol
How much faster can the hacker crack this hash by knowing this information? I will be concerned if it is order of magnitude faster. Thanks all.
Upvotes: 0
Views: 123
Answers (1)
Reputation: 426
Given the hacker knows that information, you can calculate the time it would take for a brute force hack.
1. 52 possible letters
2. 10 possible numbers
3. 32 possible symbols
52 ^ 14 = how many possible 14 letter combinations there are
10 ^ 4 = how many possible 4 number combinations there are
32 ^ 1 = how many possible 1 symbol combinations there are
Then 'and' (aka multiply) those all together and you get a pretty big number. So the computer would have to try at most that many combinations in order to find the password.
Improvements could be to use only dictionary words to make up the 14 letter combinations. I'm pretty sure there would be less of those than all the possible combinations.
Upvotes: 1
Related Questions
- About how fast can you brute force PBKDF2?
- Password length vs DOS attack
- How many bits are there in a character in a password?
- password hashing - success probability of cracking
- Is just a long password more secure than a user/password combination?
- Password complexity strategies - any evidence for them?
- How do password restrictions help security?
- Do similar passwords have similar hashes?
- Password symbols, length and 'strength'
- Does obfuscating a security model have a place in password security?