[conspire] Password permutations (was: Correction)

paulz at ieee.org paulz at ieee.org
Wed Apr 15 14:14:44 PDT 2020


I decided to go ahead and work out some examples.

First table shows password character sets of 26, 52, 62 and 70 characters. Then the possible probabilities for different lengths.

For example, a length of 8 characters with the largest character set has 6E14 possibilities. A length of 9 chars and only mixed case letters has 3E15 possibilities. 10 characters, with no case is almost as good.

So, forget the special characters and use looong passwords.

            letters     letters      letters &    letters,
            no case     mixed case   numbers      numbers,
                                                  punctuation
chars:      26          52           62           70

length
4           5E+05       7E+06        1E+07        2E+07
8           2E+11       5E+13        2E+14        6E+14 *
9           5E+12       3E+15 *      1E+16        4E+16
10          1E+14 *     1E+17        8E+17        3E+18
12          1E+17       4E+20        3E+21        1E+22
16          4E+22       3E+27        5E+28        3E+29
24          9E+33       2E+41        1E+43        2E+44
32          2E+45       8E+54        2E+57        1E+59

This thread started with a reference to xkcd and using several random dictionary words.

The following table has some examples for different size dictionaries.   Someone mentioned a dictionary of only 500 words.  I think the well educated English speaker knows thousands of words.  Or one might use a language from Scandinavia, or just one or two good German words.  

So 4 words from a rather large dictionary is also 6E14, the same as 8 characters including punctuation.  6 words from the small dictionary would be even better.
Now, naturally a password made of even 4 words is many letters; the xkcd example is 25 letters.  So we are back to the same conclusion: use really long passwords.

xkcd style dict:
            500 words   1000 words   5000 words   10000 words

length
4           6E+10       1E+12        6E+14 *      1E+16
6           2E+16       1E+18        2E+22        1E+24
8           4E+21       1E+24        4E+29        1E+32
10          1E+27       1E+30        1E+37        1E+40

Now a different question.  Who can actually try a large number of logins?    In my experience just trying to get into my own account, it takes a second to get a response that I messed up.  That limits my attempts to not very many in an hour.  Also, if I mess up more than 4 or 6 times in a row, I get locked out and have to phone the bank for assistance.

On Wednesday, April 15, 2020, 12:45:54 PM PDT, Rick Moen <rick at linuxmafia.com> wrote:

Quoting Texx (texxgadget at gmail.com):

> That was one place you SHOULD correct people because password
> misunderstanding is a danger to the ENTIRE community.

It's not difficult to do the math and spot that Paul simply had terms
reversed.  
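
Added example, not part of the original post: the arithmetic behind both tables in Python, extended to find the length each scheme needs to match the 8-character, 70-symbol case and to put numbers on the login-rate and lockout question. It assumes every character or word is chosen uniformly at random; the function names, the 1 guess/second rate and the 6-attempt lockout are illustrative assumptions based on the post's description.

```python
import math

# Alphabet and dictionary sizes taken from the two tables in the post.
SCHEMES = {
    "letters, no case": 26, "letters, mixed case": 52,
    "letters & numbers": 62, "letters, numbers, punctuation": 70,
    "500-word dict": 500, "1000-word dict": 1000,
    "5000-word dict": 5000, "10000-word dict": 10000,
}
SECONDS_PER_YEAR = 365.25 * 24 * 3600

def keyspace(symbols, length):
    """Exact count of passwords of `length` units drawn from `symbols` choices."""
    return symbols ** length

def bits(symbols, length):
    """The same quantity as entropy in bits (assumes uniform random choice)."""
    return length * math.log2(symbols)

def min_length(symbols, target):
    """Smallest length whose keyspace reaches `target` (integer math, no rounding)."""
    length, space = 0, 1
    while space < target:
        space *= symbols
        length += 1
    return length

def years_to_exhaust(space, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR

def hit_chance_before_lockout(space, attempts):
    """Chance that `attempts` distinct guesses include the password."""
    return min(attempts, space) / space

def equivalents(ref_symbols=70, ref_length=8):
    """Length each scheme needs to match the reference keyspace."""
    target = keyspace(ref_symbols, ref_length)
    return {name: min_length(n, target) for name, n in SCHEMES.items()}

if __name__ == "__main__":
    target = keyspace(70, 8)
    print(f"reference: 70^8 = {target:.0E} ({bits(70, 8):.1f} bits)")
    for name, length in equivalents().items():
        print(f"  {name:32s} needs length {length}")
    # Rates are assumptions: 1/s is the login delay described in the post.
    print(f"online, 1 guess/s: {years_to_exhaust(target, 1):.1E} years")
    print(f"6 tries, then lockout: {hit_chance_before_lockout(target, 6):.1E}")
```
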