Ask HN: How secure would this password be, practically speaking?
7 points by andrewstuart2 on July 17, 2014 | 4 comments
So I currently have a rule for myself that I don't let any new passwords be shorter than my previous password. As you may guess, my passwords are getting quite long after a few years of having to change every N days. This got me thinking.

I know it's low entropy, but as a guess on how most modern brute force attacks work, I was wondering how secure something like this would be, both conceptually and practically:

1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAaaaaaaaaaaaaaaaaaaaaa



Not at all. I always use a password cracker that starts with a dictionary attack based on every word posted on HN. 1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAaaaaaaaaaaaaaaaaaaaaa will now be one of the first passwords to go.


I would say fairly secure based on length

Here is the reason:

1. It is 101 characters. If I was brute force attacking I'd imagine I'd target passwords <32 characters. Probably more like 8-16.

2. It has [a-zA-Z0-9]. This isn't bad, but isn't optimal. Add some symbols or non-ASCII characters to really screw up brute force attacks.

3. If for some reason this is the password on a system that is not hashing but encrypting and using a cipher in ECB then it is definitely not secure.

Honestly if this was a password on a giant list I'd skip it and move on to easier targets.


According to https://howsecureismypassword.net/, it would take a billion quinquagintillion years for a normal PC.

Not sure how reliable its calculations are.


good luck typing it



