Passwords have an entropy value, and which measures their strength. In this case we will use the Rust genpass program to generate varying sizes of passwords.
Password Generator in Rust |
Background
We install genpass, with:
cargo install genpass
A sample run is:
Characters "10" . Generator: R%3.l0X.WX . Numeric: 6606569998 . Lowercase: klqvfwugcm . Uppercase: YTDZQSEMRD . Upper/Lowercase: OHBtovhGEX . Upper/Lowercase and Number: PD6srQsROO . Passphrase: backpedal riveting
and with 18 characters:
Characters "18" . Generator: 9n[;uFv[|$}$/K+m1p . Numeric: 061561686970727551 . Lowercase: jxpcrpvhuwvtlauwwn . Uppercase: YMUIZXCTPLDDVPGECF . Upper/Lowercase: ZqTHVSdMEAFVKOlubD . Upper/Lowercase and Number: 4eNgCHLpoYPWE0dLsH . Passphrase: dallying rambling unstable
and with 64 characters:
Characters "64" . Generator: X~96#jH[nHILiJMxhqWT4P[{S.sj(^Q.B0dO!BXR*/mpZH/$4BaownpIVOQ0us[x . Numeric: 6152179269777814915952516108645277308587583627440686746400268428 . Lowercase: ksuapdyyomubyrqpfkcwwvenorgkpzxuxagcejoqvbsryjqefktwdtctlvlmgwrl . Uppercase: XXEQBDUBNERZFVQNLSYJEQEESUJIQBYOOTHMPOAURZBIOHPYNYNQRPUDWHHSRUTE . Upper/Lowercase: liXmvTugSEFTEhOSTzxDHiNrvxoJoDTJhPIKkidxZOpvlurxnxsGvsFGbRGHsbfK . Upper/Lowercase and Number: 6mlm7cK3trmF9NdvNSIs9VWpxxrHZFG6VogOZlzjPPKZDMkUa26amnImMrLgTnoo . Passphrase: deed flavored catsup pushcart skedaddle unrobed graffiti viewpoint
The commands used are:
genpass.exe 10 genpass.exe -d 10 genpass.exe -l 10 genpass.exe -u 10 genpass.exe -lu 10 genpass.exe -ldu 10 genpass.exe --passphrase 100
We determine the key entropy with:
\(En = \frac{log_{10}(Phrases)}{log_{10}(2)}\)
So for an eight character lowercase password, we have \(26^8\) different phrases. The entropy is then:
\(En = \frac{log_{10}(26^8)}{log_{10}(2)}=37.6\) bits
The code used for this is:
var args = process.argv; if (args.length>1) test=args[2]; data = parseInt(test, 10); ent=Math.log(Math.pow(10,data))/Math.log(2) console.log("Numeric "+data+" characters. Entropy:\t\t",+ent.toFixed(4).slice(0,-1)+" bits"); ent=Math.log(Math.pow(26,data))/Math.log(2) console.log("Lowercase "+data+" characters. Entropy:\t",+ent.toFixed(4).slice(0,-1)+" bits"); ent=Math.log(Math.pow(52,data))/Math.log(2) console.log("Lower/uppercase "+data+" characters. Entropy:\t",+ent.toFixed(4).slice(0,-1)+" bits"); ent=Math.log(Math.pow(62,data))/Math.log(2) console.log("Lower/uppercase and number "+data+" characters. Entropy:\t",+ent.toFixed(4).slice(0,-1)+" bits");
Anything below 72 bits seen to be very weak!