I have a quick question regarding password cracking.

Let's say you append a 5-digit PIN to the end of your password. An example would be that instead of a password of "password" it would be "password12345".

So when trying to crack the password using brute force or a dictionary, you would have to append every possible PIN combination on the end for every single attempt.

So in reality how much more difficult would that make it? I'm guessing not much.

Philipp
CBaker
  • Related: [Short complex password, or long dictionary passphrase?](http://security.stackexchange.com/q/6095/29640), [Calculating how secure my password is](http://security.stackexchange.com/q/25960/29640) – bummi Feb 18 '16 at 17:02

1 Answer

A 5-digit decimal number has 100,000 possible states, so it increases the time to crack by a factor of 100,000.

This assumes that the cracker expects you to use a common word plus a 5-digit number.

Philipp
  • That's probably not a lot, right, in terms of password cracking, a factor of 100,000? – CBaker Feb 18 '16 at 17:05
  • @CBaker That depends completely on how long it takes to crack your password without it, which depends heavily on how it is stored. One hour or 12 years makes a lot of difference. One millisecond or one and a half minutes, not so much. – Philipp Feb 18 '16 at 17:07
  • Appending a 5-digit number to the end of a password adds log₂(100000) ≃ 16.6 bits of entropy. To prevent even sophisticated off-line brute force attacks, the entropy of your password generation process should be more than ~80 bits (equal to 38 million computers trying a password every nanosecond for a year). That assumes no underlying flaws like keyloggers or reusing the same passwords at multiple sites (even just once typing the password at an evil site), and that you can't be bribed or threatened to give the pw up for much less than the electricity bill for a year of 38M computers. – dr jimbob Feb 18 '16 at 17:22
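
The figures in the answer and comments above can be checked with a short script. This is an added example, not code from any of the posters: it measures how fast one thread of the local machine computes a single SHA-256 versus PBKDF2, then projects the time to exhaust a word list with and without the 5-digit suffix. The word list size, salt, PBKDF2 iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import math
import time

SECONDS_PER_YEAR = 365 * 24 * 3600
SALT = b"constructed-salt"          # constructed sample value
WORDLIST_SIZE = 1_000_000           # assumed size of the attacker's word list
KDF_ITERATIONS = 100_000            # assumed PBKDF2 work factor

def pin_states(digits: int) -> int:
    """Distinct PINs of this length, leading zeros included."""
    return 10 ** digits

def entropy_bits(states: float) -> float:
    return math.log2(states)

def years_to_exhaust(bits: float, machines: float, rate_each: float) -> float:
    """Years for `machines` guessing at `rate_each`/s to try 2**bits candidates."""
    return 2 ** bits / (machines * rate_each) / SECONDS_PER_YEAR

def fast_sha256(pw: bytes) -> bytes:
    return hashlib.sha256(SALT + pw).digest()

def slow_pbkdf2(pw: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw, SALT, KDF_ITERATIONS)

def measure_rate(hash_fn, samples: int) -> float:
    """Guesses per second one thread of this machine achieves."""
    start = time.perf_counter()
    for i in range(samples):
        hash_fn(f"password{i:05d}".encode())
    return samples / (time.perf_counter() - start)

def report(digits: int = 5) -> dict:
    """Seconds to exhaust word-only vs word+PIN candidates per storage scheme."""
    out = {}
    for name, fn, samples in (("sha256", fast_sha256, 20_000),
                              ("pbkdf2", slow_pbkdf2, 5)):
        rate = measure_rate(fn, samples)
        out[name] = (WORDLIST_SIZE / rate, WORDLIST_SIZE * pin_states(digits) / rate)
    return out

if __name__ == "__main__":
    print(f"5-digit PIN adds {entropy_bits(pin_states(5)):.1f} bits")
    for name, (plain, with_pin) in report().items():
        print(f"{name:7s} word only: {plain:12.1f} s   word+PIN: {with_pin:16.1f} s")
    print(f"80 bits, 38M machines at 1e9/s: {years_to_exhaust(80, 38e6, 1e9):.2f} years")
```

The measured rates are for one CPU thread and only show the relative gap between storage schemes; the suffix multiplies either column by the same 100,000.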