0

i. If I choose random password of length say 15 from the alphabet set of size 94 i.e. from the search space of 94^15, is my password protected against all kind of threats?

ii. Will there be any need of resetting such password in the near future?

iii. If the password database is hashed and compromised by the attackers, do I have to change my random password?

iv. What should be the length of the random password, so that I do not have to worry about it getting cracked, breaked, guessed whatever for 100 years.

Assuming that I can remember 15 length long random password.

If I have to change my random password in any of the cases, then what is the point about setting random password?

Curious
  • 1,452
  • 2
  • 14
  • 26
  • [NIST](http://csrc.nist.gov/publications/drafts/800-118/draft-sp800-118.pdf) provides both the answers and the methodology to understand the problem and reach your own answers. On the other hand, if you're up against an opponent with rainbow tables, the brute force work is already done. – MCW Sep 17 '14 at 13:16
  • 15*log_2(94)=98. 98 bits of entropy is a lot, especially if combined with a proper password hash. But with a weak password hash it might become attackable in a few decade if you are a high value target. – CodesInChaos Sep 17 '14 at 15:02
  • 1
    Please define "**all** kind of threats". – Philipp Sep 17 '14 at 17:29
  • Assuming you don't reuse your password. If you do then all bets are off. Also rubber hose cryptography. Also no hash fonction known today is likely to be unbroken in 100 years. – jhoyla Sep 17 '14 at 22:14

4 Answers4

6

The security of your randomly generated 15 characters password depends very much on how it is stored on the system that is being breached.

If the system stored it in clear text, your password would be stolen in 0s.

Assuming the next worse case scenario of your password being stored as an MD5 character that is being hashed just once, without salt, if there exist a super rainbow table (beyond yottabyte size?) with search space depth of 95^15 (you forgot to include space), your password would be cracked in a matter of hours or minutes.

Without a rainbow table, the attacker would have to brute-force your password by guessing one at a time. Jeff Atwood had written an article on hashing speed which I quote here:

MD5      23070.7 M/s
SHA-1     7973.8 M/s
SHA-256   3110.2 M/s
SHA-512    267.1 M/s

This was what an expensive GPU can achieve two years ago. If Moore's law continue to predict correctly for the next 100 years, then the hashing speed for MD5 with a GPU, if GPU is still the tool for cracking hashes, will be:

Year   MD5 hashing (M/s)
2012   23070 
2014   23070 x 2
2016   23070 x 2 x 2 
...
2114   23070 x 2^51 = 5.2 x 10^19

Your search space of 95^15 will yield 4.6 x 10^29 possible hashes. Let's assume the hacker tries every single one of them in 2114, the number of guesses he can make is:

5.2 x 10^25 x 365.25 days x 24 hours x 3600 seconds = 1.6 x 10^33

Which is more than 4.6 x 10^29. Therefore it is possible to crack your password in MD5 before the end of 2114.

The next consideration is how much computing resources does your attacker has? If one GPU is not enough, can he get 10 or even 10,000 of those?

Finally, password cracking is not cost-free. GPU consumes energy. Your attacker got to think, is it worth it? To run those machines for years just to brute-force a password when they could have just hire someone to beat the crap out of you to get it at a fraction of the cost and time is plain stupidity.

In summary, your randomly generated 15 characters password is good for the decade, but hard to say for the century, provided that the system storing the password is using a MD5 hash or stronger and that you have not accidentally revealed the password yourself.

Question Overflow
  • 5,250
  • 6
  • 27
  • 48
2

i) No password is ever protected against ALL threats. If you write it down and someone steals your notes...

ii) There could be, for too many different reasons.

iii) Yes, depending on if the passwords are salted or not, cracking hashes is fairly easy. Without a salt on the password all you need to do is run it against rainbow tables.

iv) Again, this depends if the passwords are salted for the same reason as above.

As you can see, the strength of your password is only one part in this equation. The way it is stored is just as much a factor in security.

As for the discussion on what makes a good password, read this question

BadSkillz
  • 4,444
  • 25
  • 29
  • if I create 15 len random password, do I have to worry whether my password was salted or not? I understand that passwords must be hashed. But if the database breach news reaches me, can't I just relax and not change my password, as it was hashed and my password was random and sufficient long. The brute force search seems to be the only way to break it, but for longer random passwords it is infeasible to do the brute force in a short time. – Curious Sep 17 '14 at 11:27
  • Yes, as I said, without a salt they don't need your exact password, just some string that generates the same hash in the end. You could have a 100 len password, but if 'abcdef' generates the same hash, thats all they need. – BadSkillz Sep 17 '14 at 11:33
  • You should always worry about if your password is salted or not. The password length is irrelevant. This answer is pretty comprehensive, http://security.stackexchange.com/a/31846/52676 – RoraΖ Sep 17 '14 at 11:35
  • @raj password length is relevant if the password is random. 15 len random password provide log(94^15) > 15*6=90 bits of entropy. Why does it require the salt to give extra security? Any way my question is that if the user set long random password which is protected using salted hash on the server, in case of the database breach, should the user be advised to change his password or not? – Curious Sep 17 '14 at 11:44
  • 2
    @BadSkillz Please don't spread misinformation about collisions being a risk in normal password hashing situations. This type of collisions are simply not a threat with modern hashes unless the system is truncating the password hash or doing something else completely nonstandard. It is improbable for the hash of a 15 character randomly generated password to have a shorter, more easily guessed collision. Yes, there can be collisions in some other specific hash applications but they don't carry over to passwords. – PwdRsch Sep 17 '14 at 14:39
  • 1
    @PwdRsch You are right, I changed it to rainbow tables as they are more probable. – BadSkillz Sep 18 '14 at 07:39
1

I use a password manager and use passwords of length 22 (why 22?) or however long they'll let me. (My bank only allows up to 15, sekeritah yay)

Do I worry when I hear that a site that I use had a data center breach? No, I don't worry. That is a comfort of having a really strong password. Some hacker got their hands on my hash? Yeah sure, whatever, have fun kid.

I still get around to changing my passwords when I can remember to. If ultimately the underlying question is: "Should a random 15 character password provide me with comfort even if my hash is stolen?"

Then my answer is yes.

Andrew Hoffman
  • 1,997
  • 15
  • 17
  • 2
    So long as it's not reused anywhere. It does not matter, as explained in the answers above, what your password looks like if it is not transmitted (client malware or insecure channel) and stored properly (poor hashing/salt practices or server malware). – Steve Dodier-Lazaro Sep 17 '14 at 16:04
-1

@BadSkillz pretty much said it.

Addendum To Part iv: You can use GRC's Interactive Brute Force Password “Search Space” Calculator to estimate how long it may take for a random password to be cracked. According to your scenario about 10 to 12 characters in lenght should suffice.

But be cautious: This is based on a random brute force attack. If your password is not random, a dictionary attack may be advantageous.

Marcel
  • 3,536
  • 1
  • 19
  • 37
  • agreed. so I do not have to change my 15 len random password in case of database breach. – Curious Sep 17 '14 at 12:08
  • 4
    @Curious I get the impression that you have asked this answer only to get confirmation for your assumption (that a 15-char random PW is good enough) instead of really understanding the comments and answers. NO, there are circumstances where it's not good enough. 'In case of database breach' depends very much on how well that DB stored the PWs. Actually, there are so many different scenarios that your question could be seen as 'too broad'. –  Sep 17 '14 at 13:02