Jamit Software Forum

Jamit Software => Forum Rules and Website feedback => Topic started by: Peter on February 17, 2011, 11:48:32 pm

Title: Password Strength
Post by: Peter on February 17, 2011, 11:48:32 pm
Members shall be advised that their password shall meet minimum requirements for strength.

We have noticed that hackers have been trying to break into our members' accounts.

It would not hurt if you changed your passwords now! Especially some older members may be using passwords of insufficient strength. Don't use a password that you use on some other site; don't use your girlfriend's name, your phone number, ...

Some passwords shorter than 8 characters can be broken in as little as a few minutes.

NIST recommends 80 bits of entropy for the most secure passwords. Personally, I would recommend password lengths of 10 characters minimum and best if longer than 16.

Character set                   Example            Length   Entropy   Time to Crack
All printable ASCII             meNp0/^EZ':zt/J4     16    104 bits   127 trillion years
Upper & lower case + numerals   53mLDcjFPqudfUmf     16     95 bits   6 trillion years
Hexadecimal                     5ce1543ec22d43c5     16     82 bits   1 billion years
Only A-Z                        QEKFLSKZBEEXJHES     16     75 bits   5 million years
Only numerals                   7680572112805159     16     52 bits   1 year

Length  Example        Entropy     Time to Crack
4       gZi;            24 bits    0.029246464 seconds
5       H~]DF           28 bits    0.360896796 seconds
6       .CRXfy          37 bits    1 minute
7       <pB/`Be         43 bits    1 hour
8       {5j$zpqE        51 bits    46 days
9       bh}m^LJk]       56 bits    2 years
10      uMNl!6^MI6      64 bits    713 years
11      HB?6G"B<EDr     71 bits    53 thousand years
12      h%Z"$w,<T]@P    76 bits    720 thousand years
13      <[~/oboD'$%}+   82 bits    46 million years
14      `_%2aD[e=D5"4i  91 bits    22 billion years

What is ENTROPY? To put it simply, 1 bit of improvement means 2x harder to crack! 3 bits is 8x harder. The function is exponential. In the above example, the difference between 104 bits and 52 bits is an improvement of 4,503,599,627,370,496 times harder to crack!

Secure passwords are best when generated randomly. Human-chosen passwords are far less secure (i.e. have lower entropy). A useful random password generator can be found here: https://convertcalculate.com/strings/random-string.html

For further reading, refer to https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength.
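An added example, not part of the original post: a local generator that picks the shortest length reaching a target entropy (80 bits by default, the figure quoted in the post) for each character set in the first table, using the operating system's CSPRNG. It assumes the usual formula for uniformly random characters, length × log2(alphabet size); the post does not say how its table figures were calculated, so results from this formula need not match them. All function and dictionary names are chosen for this example.

```python
import math
import secrets
import string

# Character sets named in the post's first table (sizes in comments).
CHARSETS = {
    "printable": string.ascii_letters + string.digits + string.punctuation,  # 94
    "alnum": string.ascii_letters + string.digits,                           # 62
    "hex": "0123456789abcdef",                                               # 16
    "upper": string.ascii_uppercase,                                         # 26
    "digits": string.digits,                                                 # 10
}


def entropy_bits(length, alphabet_size):
    """Entropy of a password whose characters are drawn uniformly and
    independently. Does NOT apply to human-chosen passwords."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size):
    """Shortest length whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate(charset="printable", target_bits=80):
    """Random password from the named charset with at least target_bits."""
    alphabet = CHARSETS[charset]
    n = min_length(target_bits, len(alphabet))
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    return "".join(secrets.choice(alphabet) for _ in range(n))


def hardness_ratio(bits_a, bits_b):
    """How many times larger the search space is at bits_a than at bits_b."""
    return 2 ** (bits_a - bits_b)


if __name__ == "__main__":
    for name, alphabet in CHARSETS.items():
        pw = generate(name)
        bits = entropy_bits(len(pw), len(alphabet))
        print(f"{name:10} len={len(pw):2} entropy={bits:5.1f} bits  {pw}")
    print("104 vs 52 bits:", hardness_ratio(104, 52), "times harder")
```

Narrower character sets need more characters for the same strength, which is why a digits-only password has to be roughly twice as long as a full printable-ASCII one.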

Title: Re: Password Strength
Post by: szabcsee on November 07, 2011, 08:12:25 am
interesting  ;D