[Back][Slides] We can calculate the total number of passwords possible by analysing the number of characters used. The calculation uses a calculation speed based on the number of passwords tried with brute force:
The strength of a password relates to three major elements:
- The number of characters in the password. The more characters that are in the password the stronger the password will be.
- The range of characters in the password. The wider the range of characters in a password will increase its strength, especially to use non-alphabet ones (such as "!", "@", and so on).
- The cracking speed of a brute force generator. This relates to the speed of the cracker, such as 1,000,000 tries per second.
For example if we have lowercase letters [a-z] we have 26 characters, and add uppercase letters [A-Z], we get 52 characters. If we then have 5 characters in the password, the number of password combinations will be:
aaaaa to ZZZZZ
which will be 52 to the power of 5 = 380,204,032
If we crack these passwords at a rate of one million per second then it will take 380 seconds to try all of them (6.23 mins).
Here is the calcuation for [a-zA-Z] with one million password attempts per second. We can see that for seven digit password it takes 11.9 days, and for a 10-digit one it takes over 4,000 years:
But if we now use 1 billion passwords per second, we can see that a seven character password only takes 17.13 mins to crack:
In general terms, we can calculate the number of passwords for a 5-character password with a range of character sets: