eli5: how does “brute forcing” a password work?


So I get the more complicated and long the password the harder it is to brute force, but do these programs start with like 111aaa and then go to like 111aab and so forth? Or are they just trying every combination randomly? If the latter, isn’t there a chance (a very small one) that if it is kinda random that they could break a really good password on like the first try? Similar to winning the lottery? If it’s not random, that has its own issues. I don’t get it. Help.


14 Answers

Anonymous 0 Comments

Some do. But most programs start with common passwords. So you would get attempts that start with things like “password”, “password1”, all 366 birthdays etc. Then when the common passwords are exhausted, it converts to methodical guessing.

As for the random chance of guessing a good password, it’s incredibly low. The most secure passwords are ones that are randomly generated.

If you take all possible characters used in a password, you get lowercase letters, uppercase letters, numbers, and symbols/special characters. In total that’s (26 * 2) + 10 + 32 = 94 unique characters.

Because of that, the odds of guessing a randomly generated password are 1 in 94^n, where n is the number of characters in your password. Here’s how quickly it scales.

1 character password = 1 in 94 chance

3 character password = 1 in 830,584 chance

8 character password (minimum length on most sites) = 1 in 6,095,689,385,410,816 chance

16 character password = 1 in 37,157,429,083,410,091,685,945,089,785,856 chance

Keep in mind that the odds need to be this low because computers can guess more than 100,000,000,000 each second. I did some more math, and found that with an 8 character password, a computer guessing at full speed would have a 30% chance at guessing correctly within just a quarter of a day. (I couldn’t do the math for a full day because I couldn’t find a calculator that would let me use numbers that big.)

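An added example, not part of the original answer: the keyspace arithmetic above in Python, whose integers have no size limit, together with the sequential "odometer" ordering the question describes. The function names are illustrative; the 94-character alphabet and the 100,000,000,000 guesses-per-second rate are the answer's figures, and the odds apply only to randomly generated passwords.

```python
from fractions import Fraction
import string

# The answer's alphabet: (26 * 2) letters + 10 digits + 32 symbols = 94.
ALPHABET = (string.digits + string.ascii_lowercase +
            string.ascii_uppercase + string.punctuation)
assert len(ALPHABET) == 94
RATE = 100_000_000_000  # guesses per second, as quoted in the answer

def keyspace(length, alphabet=ALPHABET):
    """Number of distinct passwords of exactly `length` characters."""
    return len(alphabet) ** length

def nth_candidate(index, length, alphabet=ALPHABET):
    """Odometer order: the candidate a sequential search reaches at step `index`."""
    if not 0 <= index < keyspace(length, alphabet):
        raise ValueError("index outside the keyspace")
    chars = []
    for _ in range(length):
        index, digit = divmod(index, len(alphabet))
        chars.append(alphabet[digit])
    return "".join(reversed(chars))  # rightmost character changes fastest

def chance_within(seconds, length, rate=RATE, alphabet=ALPHABET):
    """Exact chance that a uniformly random password is hit within `seconds`.

    Sequential or shuffled makes no difference: any order that never repeats
    a guess covers the same fraction of the keyspace in the same time.
    """
    guesses = rate * seconds
    return min(Fraction(1), Fraction(guesses, keyspace(length, alphabet)))

def min_length(seconds, max_chance, rate=RATE, alphabet=ALPHABET):
    """Shortest random password whose chance of falling stays <= max_chance."""
    if max_chance <= 0:
        raise ValueError("max_chance must be positive")
    length = 1
    while chance_within(seconds, length, rate, alphabet) > max_chance:
        length += 1
    return length

if __name__ == "__main__":
    for n in (1, 3, 8, 16):
        print(f"{n:2d} characters: 1 in {keyspace(n):,}")
    print("111aaa is followed by", nth_candidate(14, 6, "1ab"))
    hours = keyspace(8) / RATE / 3600
    print(f"all 8-character passwords tried after {hours:.1f} hours")
    print("chance within a full day:", chance_within(86_400, 8))
    year = 365 * 86_400
    print("length for <= 1-in-a-million per year:", min_length(year, 1e-6))
```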