Kingamere

Reputation: 10146

How long to brute force 16 character secret key

I have generated a 16 character alphanumeric secret key in bash with this command:

key=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 16 | head -n 1)

I am thinking of using this key to encrypt a password.

How long would it generally take for an attacker to brute force to find a key that would decrypt a password encrypted using this method?

Upvotes: 3

Views: 11333

Answers (1)

TheGreatContini

Reputation: 6629

There are 62 possibilities for each character, and 16 characters. This translates to 62^16 (47672401706823533450263330816) trials worst case, or half of that on average. If the attacker can do a billion trials per second, that means 47672401706823533450 seconds, which is about 1511681941489 years. I think that's pretty good protection. You could even chop off a few characters and still feel pretty safe.

Note, I would not be saying the same thing if you had chosen a 16 character password from your brain (rather than using /dev/urandom): human brains are not good at choosing good cryptographic keys.

Upvotes: 11
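
The arithmetic in the answer above, generalized as an added example (not part of the original post): exact integer math for any alphabet size, key length and guess rate, plus the shortest length that still meets a target search time. The function names, the 365-day year and the one-million-year target are assumptions chosen here, and the figures only hold for keys drawn uniformly at random, as with /dev/urandom.

```python
import math

# Assumption: a 365-day year, which reproduces the figure quoted in the answer.
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct keys when every character is chosen uniformly."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Key strength in bits; valid only for uniformly random keys."""
    return length * math.log2(alphabet_size)


def worst_case_years(alphabet_size: int, length: int, guesses_per_second: int) -> int:
    """Whole years needed to try every key, using exact integer arithmetic."""
    seconds = keyspace(alphabet_size, length) // guesses_per_second
    return seconds // SECONDS_PER_YEAR


def min_length(alphabet_size: int, guesses_per_second: int, target_years: int) -> int:
    """Shortest key whose average-case search (half the keyspace)
    takes at least target_years at the given guess rate."""
    needed = 2 * target_years * SECONDS_PER_YEAR * guesses_per_second
    length = 1
    while keyspace(alphabet_size, length) < needed:
        length += 1
    return length


if __name__ == "__main__":
    rate = 10 ** 9  # the answer's assumed one billion trials per second
    print("len  bits  worst-case years")
    for n in (8, 10, 12, 16):
        print(f"{n:>3}  {entropy_bits(62, n):5.1f}  {worst_case_years(62, n, rate)}")
    # How far the 16 characters could be shortened for a hypothetical target.
    print("min length for 1,000,000 years average:", min_length(62, rate, 1_000_000))
```

At the same guess rate an 8-character key from this alphabet is exhausted in well under a year, which bounds how many characters can safely be dropped.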
