The Problem With Passwords…

A couple of comments I received recently have stuck out a bit. The first was someone asking me why I didn’t include time to crack a 24 and a 64 character password. This left me scratching my head, as the number of possible passwords for a random 64 character password — with just lower case letters — is:

3616548304479297085365330736464680499909051895704748593486634912486670341490423472351870976

and there is not enough computing power in the world to crack that. The other comment I received was that it was okay if a hash database was accessed, as salt was being used, and so a rainbow table couldn’t be used. Again, there’s a worry that there are some misunderstandings about the hashing process, as the salt is stored alongside the hashed value, and GPUs running hashcat are then able to perform terahashes per second, so even a password such as “7&4K1pxZm” can be broken in minutes.
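The two points above (the size of the 64-character lower-case keyspace, and why a salt stored with the hash stops a precomputed table but not direct guessing) are shown here as an added example that is not from the original post. The candidate list, the salt, the salted SHA-256 scheme and the plain dictionary standing in for a rainbow table are all constructed assumptions.

```python
import hashlib

# Constructed sample data (assumptions for this demo, not from the post).
CANDIDATES = ["password", "letmein", "edinburgh", "qwerty123"]
SALT = bytes.fromhex("a1b2c3d4e5f60718")  # stored in the clear next to the hash


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of possible passwords of exactly `length` characters."""
    return alphabet_size ** length


def digest(password: str, salt: bytes = b"") -> str:
    """Fast hash over salt || password (assumed scheme for the demo)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(candidates):
    """Precomputed lookup of unsalted hashes (stand-in for a rainbow table)."""
    return {digest(c): c for c in candidates}


def table_lookup(table, stored_hash):
    """A precomputed table only helps when the stored hash was unsalted."""
    return table.get(stored_hash)


def guess_with_salt(candidates, salt, stored_hash):
    """Recompute each candidate with the salt taken from the stored record.
    Returns (password or None, number of hashes computed)."""
    for n, candidate in enumerate(candidates, start=1):
        if digest(candidate, salt) == stored_hash:
            return candidate, n
    return None, len(candidates)


if __name__ == "__main__":
    table = build_table(CANDIDATES)
    unsalted = digest("edinburgh")
    salted = digest("edinburgh", SALT)
    print("64 lower-case characters:", keyspace(64, 26))
    print("table vs unsalted hash:  ", table_lookup(table, unsalted))
    print("table vs salted hash:    ", table_lookup(table, salted))
    print("guessing with the salt:  ", guess_with_salt(CANDIDATES, SALT, salted))
```

The salt makes the precomputed table miss, but the guessing loop costs exactly one hash per candidate, the same as without a salt, so a weak password stays weak once the database is accessed.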

The strength of a password relates to four major elements:

  • The number of characters in the password. The more characters that are in the password the stronger the password will be.
  • The range of characters in the password. The wider the range of characters in a password, the greater its strength, especially when non-alphabetic ones (such as “!”, “@”, and so on) are used.
  • The cracking speed of

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.