Reputation: 35
Passphrase vs. Brute Force Attacks
Why are passphrases more secure than normal passwords? (p%9y#k&yFm?)
Wouldn't it be easier to crack a passphrase than a normal password, since it only contains letters?
And is there any way to make passphrases more secure?
Upvotes: 0
Views: 448
Answers (1)
Reputation: 190
In a brute force attack against a passphrase, since there are generally more characters, it takes longer to crack if just guessing.
Ex:
Password - e7%2b
Number of possible solutions: 128 ^ 5 = 34,359,738,368
(5 is number of characters, 128 is character amount in ascii for example)
Passphrase - iloveicecream
Number of possible solutions: (2 * 26)13 = 20,325,604,337,285,010,030,592
(13 characters, 26 * 2 (lowercase and capital) amount of letters)
A detailed attack can try and guess words based on other words, ex. with ice it could guess cream, but it still takes a long time to process.
Obviously, a super long passphrase is ideal but iloveicream is a very simple password for a person to remember which is why it is often said to be the best.
Upvotes: 1
Related Questions
- do bruteforcing with python
- Magento - Security and brute force
- How do password restrictions help security?
- How should one defend against an off-line brute force password attack?
- What can be done to protect against brute-force of compromised password databases?
- Is it possible to harden aes encryption against brute force attack?
- Can salt prevent dictionary or brute force attacks?
- How can I prevent brute-force attacks?
- Are there any security measures that are resistant to a brute force attack?
- Brute force attack permutations