0

For example, a password consisting only of lower-case characters [a-z] but with a length of 10 (26^10) will always be better than one using all characters but with a length of 7 (95^7).

That is, how correct is it to take into account only the number of combinations?

schroeder
bomiam

2 Answers

2

Better for what? Better for memorizing? Better for storage? Better for resistance against brute-forcing? Better for entering speed?

If by "better" you mean resistance to brute-forcing, then the answer depends on entropy. If passwords are generated randomly, meaning that the probability of every password is the same, then the 1st approach gives ~2 times more combinations; in other words, it has ~2 times higher entropy, and an attacker would need ~2 times more resources to brute-force it.

If passwords are generated not randomly, but by humans, the answer may differ.

mentallurg
1

The variety of characters in a password directly corresponds to the password's entropy. The more entropy, the harder the password is to crack. We measure entropy in powers of two.

A ten-character all-lowercase password has an entropy of log₂(26¹⁰) = 47. A seven-character password composed of random printable characters is log₂(94⁷) = 45. As you've correctly surmised, optimal password length is dictated by the password requirements. However, one must also note that password requirements both enforce and limit entropy.

A policy that implements a minimum length of 12 characters will have a majority of users that select codes of mixed lowercase letters and numbers. That would be an entropy of roughly log₂(26¹¹×10¹) = 55.0. You want at least 90, so that's insufficient.

A policy that requires 12 characters including an uppercase letter and a special character will at least force that floor to triple its iterations, increasing the entropy by 1.7: log₂(26¹⁰×26¹×32) = 56.7 (probably more like 62.3, but I'm ignoring location for simplicity; it's always best to low-ball your calculation rather than risk over-estimating it).

If you're using a random generator, the strength is much more robust but the requirements get in the way: log₂(94¹²) = 78.6 vs log₂(94¹⁰×26¹×32¹) = 75.2. Of course, if you're using a generator, you're hopefully also using a password manager and therefore length doesn't matter. Make the code longer and the requirements get diluted.

Did you notice? 12 character passwords aren't strong enough! Lock your password manager with a passphrase of randomly selected words, one of which is a password (more detail on this scheme). Memorize just that. Everything else should be a generated code of 16+ characters (around log₂(94¹³×26¹×10¹×32¹) = 98).

See also related question Why use random characters in passwords?

Adam Katz
  • "You want at least 90, so that's insufficient." Where are you pulling this requirement from? – hft May 16 '22 at 17:55
  • @hft – It's a rule of thumb that differs by the expert. [Here is a recommendation for 128 bits](https://security.stackexchange.com/a/257535/42391) for example. I [calculated](https://security.stackexchange.com/a/93628/42391) in 2015 that it would take _a single node_ about 12y to break a password with entropy 70 (assuming a salted md5 hash). With a twelve-node cluster for cracking, that's just one year (far less nowadays). – Adam Katz May 16 '22 at 18:15
  • My calculations are more worst-case than most because I expect hardware upgrades every 18 months that double the attack rate (Moore's Law). That limits contradictory calculations like [these from Hive Systems](https://twitter.com/adamhotep/status/1513266320133038081), in which the crack time goes from "34k years" to "3k years" in the span of a year (for a 12-char max-complexity pw). My calculation's cited 23B/s cracking speed used a Radeon HD 6990 (2010-12-15), which projects to 82B/s on Hive's GeForce RTX 3090 (2020-09-24), not far from their 69B/s (and erring in the right direction). – Adam Katz May 16 '22 at 18:58
  • Ok, just curious because you seem to be using this as a basis for your later emphatic statement that "12 character passwords aren't strong enough." But, it seems to me this is a very context-dependent statement. So I'm more curious about the domain of applicability. And also can't help but want to insert a caveat that there is no absolute rule governing password length in all situations. – hft May 16 '22 at 19:51
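As an added example (not code from either answer or from the commenters), the following Python script reproduces the arithmetic both answers rely on: the entropy of a uniformly random password, log₂(N^L); the ratio of combinations between the two cases in the question (a factor of two in combinations is one extra bit of entropy); the "policy floor" estimate Adam Katz uses, which sums the log₂ of each forced character class and ignores position; and a time-to-exhaust helper. The alphabet sizes are the ones used on this page (26/10/32 and 94 or 95 printable characters); the 1e10 guesses-per-second rate in the demo is a constructed figure for illustration only.

```python
import math

# Alphabet sizes used on this page. Adam Katz counts 94 printable ASCII
# characters; the question uses 95 (it includes the space). The 32 "special"
# count is also his.
ALPHABETS = {
    "lower": 26,
    "upper": 26,
    "digit": 10,
    "special": 32,
    "printable94": 94,
    "printable95": 95,
}


def entropy_bits(alphabet_size, length):
    """Entropy in bits of a password chosen uniformly at random from
    alphabet_size**length possibilities: log2(N^L) = L * log2(N)."""
    return length * math.log2(alphabet_size)


def combination_ratio(spec_a, spec_b):
    """How many times more candidates spec_a has than spec_b.
    Each spec is (alphabet_size, length). Computed in the log domain so the
    large exponents never need to be materialised as integers."""
    bits_a = entropy_bits(*spec_a)
    bits_b = entropy_bits(*spec_b)
    return 2 ** (bits_a - bits_b)


def policy_floor_bits(composition):
    """Low-ball entropy of the weakest password that satisfies a composition
    rule, e.g. {"lower": 10, "upper": 1, "special": 1} for "12 characters with
    one uppercase and one special". The position of the forced characters is
    ignored, which is the conservative choice the answer above makes."""
    return sum(count * math.log2(ALPHABETS[name])
               for name, count in composition.items())


def seconds_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at a given guess rate (the attacker's
    worst case; the expected time to a hit is half of this)."""
    return 2 ** bits / guesses_per_second


if __name__ == "__main__":
    # The question: 10 lowercase characters vs 7 characters from all 95 printables.
    lower10 = (ALPHABETS["lower"], 10)
    any7 = (ALPHABETS["printable95"], 7)
    print(f"log2(26^10) = {entropy_bits(*lower10):.1f} bits")
    print(f"log2(95^7)  = {entropy_bits(*any7):.1f} bits")
    print(f"ratio of combinations: {combination_ratio(lower10, any7):.2f}x")

    # Adam Katz's policy floors for a 12-character minimum.
    floor_12_plain = policy_floor_bits({"lower": 11, "digit": 1})
    floor_12_complex = policy_floor_bits({"lower": 10, "upper": 1, "special": 1})
    print(f"12 chars, lower+digit floor:  {floor_12_plain:.1f} bits")
    print(f"12 chars, +upper +special:    {floor_12_complex:.1f} bits")

    # Constructed guess rate (1e10/s), used purely to show how the bit counts
    # translate into exhaustive-search time.
    for bits in (47, 56.7, 78.6, 98):
        years = seconds_to_exhaust(bits, 1e10) / (365.25 * 24 * 3600)
        print(f"{bits:5.1f} bits at 1e10 guesses/s: {years:.3g} years")
```

Run it as a script to see the figures from the question and the answer side by side; `entropy_bits(94, 7)` comes out at 45.9 rather than the 45 quoted above, because the answer truncates rather than rounds.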