Cryptographic Strength of Passwords

in #passwords, 9 years ago (edited)

The first thing I noticed logging into this site was the requirement for passwords to act as the primary key for the blockchain.

Interesting concept, made me think a little about the strength of passwords I use. You can go to various websites to check password strength (obviously not with a real password but one similar).

For example logmeonce

Using various randomly generated passwords (length 16) = time to crack is 6 trillion to 6 sextillion years (for a bunch of passwords I tried).

Increase length to 20, you get a bunch of passwords with a minimum time to crack of 6 sextillion years (some up into the nonillion year range).

Quite a big difference for 4 extra characters...

Trouble is, try to remember a password like that (I do know that it is possible).

How about strings of random words?

Two Words

6 days (cursecharm)

97 billion years (eigenvectorconfused)

12 years (flirtbleakly)

8000 years (luxuryfrontier)

Three words

65 trillion years (admiralroboticmessiah)

97 billion years (flimsybeangeometric)

Four words

30 quintillion years (existentsoongymnistbreath)

9 octillion years (parasiticacrobaticwreckagepolar)

... and so on

Of course you need to find an offline way to generate the words. Should be easy enough

for example

 # shuf draws uniformly from the whole file using /dev/urandom; ${RANDOM} stops at 32767 and is not a CSPRNG
 $ shuf -n 5 --random-source=/dev/urandom /usr/share/dict/british-english
clannish
antibacterials
abashing
boater's
BASIC's

Interesting...
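
As an added example (not part of the original post): how many bits a passphrase carries when its words are drawn uniformly at random, next to a generator that uses the operating system's CSPRNG. The 100,000-word dictionary size, the 94-character printable set and the sample word list are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample list; in practice load a large dictionary file
# (for example the /usr/share/dict/british-english file used in the post).
SAMPLE_WORDS = ["admiral", "bleakly", "charm", "curse", "flimsy", "frontier",
                "geometric", "luxury", "messiah", "polar", "robotic", "wreckage",
                "acrobatic", "bean", "breath", "confused"]

def load_words(path):
    """Read a one-word-per-line dictionary, dropping duplicates and
    entries with apostrophes or other non-letters (e.g. possessives)."""
    with open(path, encoding="utf-8") as fh:
        words = {line.strip().lower() for line in fh}
    return sorted(w for w in words if w.isalpha())

def entropy_bits(pool_size, picks):
    """Bits of entropy when `picks` symbols (words or characters) are drawn
    uniformly and independently from a pool of `pool_size`."""
    return picks * math.log2(pool_size)

def words_needed(pool_size, target_bits):
    """Smallest number of uniformly chosen words that reaches target_bits."""
    return math.ceil(target_bits / math.log2(pool_size))

def passphrase(words, count):
    """Pick `count` words with the OS CSPRNG (secrets), with replacement."""
    return "".join(secrets.choice(words) for _ in range(count))

if __name__ == "__main__":
    # Assumed dictionary size of 100,000 words.
    for n in (2, 3, 4):
        print(n, "words:", round(entropy_bits(100_000, n), 1), "bits")
    # Assumed 94 printable ASCII characters per position.
    for length in (16, 20):
        print(length, "chars:", round(entropy_bits(94, length), 1), "bits")
    print("words for 128 bits:", words_needed(100_000, 128))
    print("sample:", passphrase(SAMPLE_WORDS, 4))
```

These figures hold only when every word is picked by the generator; a phrase chosen by a person from the same list carries fewer bits.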


97 billion years (eigenvectorconfused)
12 years (flirtbleakly)
8000 years (luxuryfrontier)

ehhhh, I'm no expert but I'm seriously doubting the time it would take to crack those. Personally I try not to use anything less than a 128 bit quality. Those passwords are ...

  • eigenvectorconfused - 46 bits
  • flirtbleakly - 52 bits
  • luxuryfrontier - 38 bits

Use those passwords on a NXT wallet and see how long your wallet lasts. ;) It's nothing to do with NXT security, they're just weak passwords. I remember reading about a lot of people losing their funds back in the day for using weak passwords like the above. NXT started recommending or requiring, not sure which, 35 chars minimum on passwords.

It's no different on your STEEM wallet here either. I would not trust my wallet here with passwords like that. The difference here is that you have some time to do something if you're Powered Up. Again I'm no expert, but I read enough horror stories to never use passwords less than 128 bit where I could.

No, they are weak passwords... I agree and wouldn't use passwords with less than 4 words (based on the above somewhat spurious analysis).

Just illustrating the point. It's good to try to get memorable passwords using concatenated words, but you probably need at least four words.
