Jamit Software Forum
Welcome, Guest. Please login or register.
June 10, 2023, 12:56:16 am

Login with username, password and session length
Search:     Advanced search
May 27th, 2009 - Jamit Software Launches the forum today!
3,080 Posts in 791 Topics by 2,001,738 Members
Latest Member: MelodeeGen
* Home Help Search Login Register
+  Jamit Software Forum
|-+  Jamit Software
| |-+  Forum Rules and Website feedback
| | |-+  Password Strength		 « previous next »
Pages: [1] Print
Author Topic: Password Strength  (Read 46226 times)
Peter
Administrator
Hero Member
*****
Posts: 248
« on: February 17, 2011, 11:48:32 pm »
Members shall be advised that their password shall meet minimum requirements for strength.

We have noticed that hackers have been trying to break into our member's accounts.

It would not hurt that you changed your passwords now! Especially some older members may be using passwords of insufficient strength. Don't use a password that you use on some other site; don't use your girlfriend's name, your phone number,......

Some passwords shorter than 8 characters can be broken as quickly as few minutes.

NIST recommends 80-bits entropy for the most secure passwords. Personally, I would recommend password lengths of 10 characters minimum and best if longer than 16.

Character set                   Example            Length   Entropy   Time to Crack
----------------------------------------------------------------------------------------
All printable ASCII             meNp0/^EZ':zt/J4     16    104 bits   127 trillion years
Upper & lower case + numerals   53mLDcjFPqudfUmf     16     95 bits   6 trillion years
Hexadecimal                     5ce1543ec22d43c5     16     82 bits   1 billion years
Only A-Z                        QEKFLSKZBEEXJHES     16     75 bits   5 million years
Only numerals                   7680572112805159     16     52 bits   1 year


Length  Example        Entropy     Time to Crack
-------------------------------------------------------
4       gZi;            24 bits    0.029246464 seconds
5       H~]DF           28 bits    0.360896796 seconds
6       .CRXfy          37 bits    1 minute
7       <pB/`Be         43 bits    1 hour
8       {5j$zpqE        51 bits    46 days
9       bh}m^LJk]       56 bits    2 years
10      uMNl!6^MI6      64 bits    713 years
11      HB?6G"B<EDr     71 bits    53 thousand years
12      h%Z"$w,<T]@P    76 bits    720 thousand years
13      <[~/oboD'$%}+   82 bits    46 million years
14      `_%2aD[e=D5"4i  91 bits    22 billion years

What is ENTROPY? To put it simply, 1 bit of improvement means 2x harder to crack! 3 bits is 8x harder. The function is exponential. In the above example, the difference between 104 bits and 52 bits is improvement of 4,503,599,627,370,496 times harder to crack!

Secure passwords are best when generated randomly. Human-chosen passwords are far less secure (i.e. have lower entropy). Useful random password generator can be found here: https://convertcalculate.com/strings/random-string.html

For further reading, refer to https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength .
« Last Edit: April 08, 2011, 12:00:07 am by Peter » Logged
SECURE your site BEFORE you wish you had! Use plugins by COLOSSAL MIND!
szabcsee
Jammers
Hero Member
*
Posts: 115
« Reply #1 on: November 07, 2011, 08:12:25 am »
interesting  Grin
Logged
Pages: [1] Print 
« previous next »
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.044 seconds with 17 queries.