Hi,
I wanted to know how a password is really cracked. My understanding was that it was done by brute force but I dont see how this is possible.
For example...
1.) Create a password with 10 digits and assume that you can only use numbers. Then the password has 10,000,000,000 or 10 billion combinations. And a brute force crack would need on average 5 billion guesses to crack the password.
2.) Suppose that a 10 digit password with 10^10 total possible combinations takes 5 minutes to crack.
3.) Now create an 11 digit password which has 10^11 total combinations or 10 times as many as the 10 digit password. So it would now take 5 minutes * 10 = 50 minutes on average to crack because there are 10 times as many combinations to guess.
4.) By adding digits you can effectively prevent any brute force crack by adding an extra digit. Because the search time of a brute force attack will be proportional to the total combinations of passwords possible... the total combination increases by N^10, where N is the number of "digits" in the password.
11 digit password = 10^11 combinations = 10^1 * 5 minutes
12 digit password = 10^12 combinations = 10^2 * 5 minutes
13 digit password = 10^13 combinations = 10^3 * 5 minutes
14 digit password = 10^14 combinations = 10^4 * 5 minutes
15 digit password = 10^15 combinations = 10^5 * 5 minutes
...
N digit password = 10^N combinations = 10^(N-10) * 5 minutes
So how are passwords really cracked if brute force can effectively be prevented by adding an extra character?
Thanks
I wanted to know how a password is really cracked. My understanding was that it was done by brute force but I dont see how this is possible.
For example...
1.) Create a password with 10 digits and assume that you can only use numbers. Then the password has 10,000,000,000 or 10 billion combinations. And a brute force crack would need on average 5 billion guesses to crack the password.
2.) Suppose that a 10 digit password with 10^10 total possible combinations takes 5 minutes to crack.
3.) Now create an 11 digit password which has 10^11 total combinations or 10 times as many as the 10 digit password. So it would now take 5 minutes * 10 = 50 minutes on average to crack because there are 10 times as many combinations to guess.
4.) By adding digits you can effectively prevent any brute force crack by adding an extra digit. Because the search time of a brute force attack will be proportional to the total combinations of passwords possible... the total combination increases by N^10, where N is the number of "digits" in the password.
11 digit password = 10^11 combinations = 10^1 * 5 minutes
12 digit password = 10^12 combinations = 10^2 * 5 minutes
13 digit password = 10^13 combinations = 10^3 * 5 minutes
14 digit password = 10^14 combinations = 10^4 * 5 minutes
15 digit password = 10^15 combinations = 10^5 * 5 minutes
...
N digit password = 10^N combinations = 10^(N-10) * 5 minutes
So how are passwords really cracked if brute force can effectively be prevented by adding an extra character?
Thanks
