March 2019
Table of Contents
Introduction
Investigation
    Theory
    Brute force cases
    Dictionary attack cases
Extension
Conclusion
References

Introduction
In the modern world more than a million terabytes of information is stored online
(Mitchell, n.d.), a significant part of which is private or not meant to be changed or
revealed to strangers. Documents, reports, investigations, and simply accounts and
conversations on social media: everything on the Internet needs to be under secure
control, and this is where a good password will help.
As there is a lot of important information stored on the web, there are also those
trying to get this information. In the digital era, when most of the world's population
keeps all its files stored online, it is extremely important for people to know how
to keep them safe. However, the statistics on this topic are shocking: more than 80% of
passwords on the web are so easy and predictable that they can be cracked by an
average computer in seconds (Hunt, 2018). I myself had my social accounts cracked
by hackers, and this is why I personally believe that this investigation will be
important and relevant in the modern world. This, along with my interest in the
mathematics behind password breaking, made me decide to write a work on this
topic.
The aim of this investigation is to determine the criteria of a strong password that
cannot be easily broken by a computer and to calculate how long it will take to crack
passwords of different strengths. As an extension of this investigation I will be able to
explore the use of different hacking methods at the same time in a more realistic
situation and determine which method is more effective in which case.
There are different types of hacking attacks. For the purposes of this
investigation only two types will be considered. The first and the most popular one is
a brute force attack, which works through all possible combinations of letters,
numbers and other characters in order to get the password. This type of attack will
be investigated in the first part of the essay. A dictionary attack is another method of
breaching the password, and it implies systematically entering every word in a
dictionary as a password (“What is Dictionary Attack?”, n.d.). This method will be
explored in the extension of the investigation.
Investigation
When creating a password for a website or a social media account, the site often requires a
certain number of letters, numbers or special characters to be included in the
password in order to make it stronger. On some websites a special scale is present,
which shows if your password is “weak”, “normal” or “strong”. But what is a weak and
a strong password? What are the determinants of a really good password that will
keep your information safe? To answer these questions I will derive a formula for
calculating the password’s strength.
The strength of a password is inversely proportional to the probability of cracking this
password. The lower the chances, the better the password. The probability of breaking a
password depends on many aspects, like how powerful the computer is, how much
information about your password it has, which techniques it is using, the number of
special characters used in the password and the length of the password. For the
purposes of this essay I will use only the last two aspects to create the formula for the
strength of a password.
In order to derive the formula, I will take a particular example. Let us say that the
password “06948337” is given for the computer to break. As the password is
numerical, for each digit there are only 10 possible numbers that could be used. To
guess the first two digits the computer will have to consider $10 \times 10$ options. To
guess all 8 digits in the right order a computer will have to try $10^8$ possible
passwords. Therefore the probability of finding exactly “06948337” on the first try is
$\frac{1}{10^8} = 10^{-8}$.
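The counting argument above, carried beyond the numeric case to any password built from ASCII character classes, as an added example that is not part of the original essay. The class partition and all function names are assumptions of this sketch; it also reports how many guesses a search that walks the candidates in order would need, which the probability alone does not show.

```python
from fractions import Fraction
import string

# Character classes an exhaustive search must cover (assumed partition, ASCII only).
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)


def alphabet_for(password):
    """Alphabet made of every whole class that the password draws from."""
    if not password:
        raise ValueError("empty password")
    alphabet = "".join(c for c in CLASSES if any(ch in c for ch in password))
    unknown = sorted({ch for ch in password if ch not in alphabet})
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown}")
    return alphabet


def keyspace(password):
    """Number of candidates of the same length: (alphabet size) ** length."""
    return len(alphabet_for(password)) ** len(password)


def first_try_probability(password):
    """Chance that a single uniformly random guess is correct."""
    return Fraction(1, keyspace(password))


def guesses_in_order(password):
    """Guesses needed by a search that walks the keyspace in alphabet order."""
    alphabet = alphabet_for(password)
    rank = 0
    for ch in password:
        rank = rank * len(alphabet) + alphabet.index(ch)
    return rank + 1  # ranks start at 0, guesses are counted from 1


if __name__ == "__main__":
    # The first password is the essay's example; the second is constructed.
    for pw in ("06948337", "ab1"):
        print(pw, keyspace(pw), first_try_probability(pw), guesses_in_order(pw))
```

For “06948337” the keyspace is $10^8$, yet an in-order search reaches it after 6,948,338 guesses, because the leading zero places it early in the enumeration.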
From these observations a simple formula for password strength (S) was derived: