Jan Leow's Press Blog

Brute Force Password Cracking

Keep your password difficult to crack, because brute force password cracking can be used to gain access to any of your secured workspaces, such as your website. I happened to bump into this information some time ago (I forgot which website), which gives a rough indication of how secure your password is against a would-be attacker attempting to use a brute force cracker to break your password and gain unauthorised access to your area of security. Thus it is prudent to create as unique and complicated a password as you can to foil any attempt by a hacker to gain access.

Most times, you want something simple to remember. That's OK if you have nothing very important and losing an email, Facebook, Twitter account etc. amounts to just a major irritating inconvenience. Nowadays, however, with so many services tied together, including banking, business, financial and monetary account linking, having your email, Facebook, Twitter and various other accounts hacked is no laughing matter. You could lose the money in your bank account, your online business income, and even business from a defaced website.

Simple passwords that use letters and numbers no longer suffice. You now need to consider a mixed sequence of letters (upper and lower case), numbers and symbols to make brute force password cracking that much harder.

If you run websites, measures such as delaying further ID/password entry after wrong information has been entered a fixed number of times, as well as captcha and other verification processes, do indeed slow down a brute force attack.

Anyway, the table I got here still shows how fast an amateur can break a simple password sequence just by using tools which you can get online to attempt to break your secured data. And if the password attacker has access to more powerful computers, the password-breaking period will be far shorter, especially if they have specialised hardware to do it too. By making your passwords more complicated, the attempts become much more difficult.

Unfortunately, my wife complained to me that the passwords I set for her are oh, so, so difficult to remember! A little paranoia is necessary, I suppose. Losing an account like hers, even though she hasn't got any link to any financial institution, is still much too troublesome!

The trick here, then, is to create a password that you can still remember somehow, perhaps using mnemonics and other memory-helping techniques. It can still get very complicated, and you still might forget, especially if you have dozens of websites, hosting, affiliate accounts, banking accounts, etc. So there is no choice but to use a password manager to store your passwords. A good one such as the open-source KeePass is a very good choice.

So study the table below and think about how you want to set your passwords. A clever password is one you can still remember even though it is somewhat difficult, and a little paranoia may help in the long run to protect your information.

An attacker may try all passwords from a dictionary or short letter/digit combinations. With a 1.2 GHz PC he can check roughly 1.5 million passwords per second. This gives the following figures:

| Length | Password Type | Avg. time to crack on 1.2 GHz PC |
|---|---|---|
| | Any English word | 0.03 seconds |
| | Any English word with digit appended or pre-pended | 0.66 seconds |
| 7 | random digits | 3.3 seconds |
| 5 | random lower case letters | 4 seconds |
| 5 | random lower case letters/digits | 20 seconds |
| 5 | random mixed case letters/digits | 5 minutes |
| 6 | random mixed case letters/digits | 5 hours |
| 7 | random mixed case letters/digits | 14 days |
| 8 | random mixed case letters/digits | 2.3 years |
| 8 | random letters/digits/punctuation | 70 years |
| 10 | random letters/digits/punctuation | 600,000 years |

Note that these figures only apply to amateur crackers, not to someone with access to a supercomputer. A good password uses at least 8 random letters, digits and punctuation characters. The author uses a 10 character random password including letters, digits, punctuation and accented characters (the latter makes encryption with a PC conduit more difficult, though).
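
The arithmetic behind the table, as an added example that is not part of the original post or of the source the figures came from. It recomputes the random-password rows from the quoted 1.5 million guesses per second, and goes one step further by working out how long a password must be to keep the same margin at faster guess rates. The 95-character alphabet and the faster rates are assumptions.

```python
# Added example: the arithmetic behind the table. Assumptions are marked.
PAGE_RATE = 1.5e6          # guesses per second, the page's 1.2 GHz PC figure
YEAR = 365.25 * 86400      # seconds in a year

# Alphabet sizes. 95 (printable ASCII including space) is an assumption for
# "letters/digits/punctuation"; the page does not say which set it used.
DIGITS, LOWER, LOWER_DIGITS, MIXED_DIGITS, PRINTABLE = 10, 26, 36, 62, 95

# (length, alphabet size, label) for the random-password rows of the table.
ROWS = [
    (7, DIGITS, "random digits"),
    (5, LOWER, "random lower case letters"),
    (5, LOWER_DIGITS, "random lower case letters/digits"),
    (5, MIXED_DIGITS, "random mixed case letters/digits"),
    (6, MIXED_DIGITS, "random mixed case letters/digits"),
    (7, MIXED_DIGITS, "random mixed case letters/digits"),
    (8, MIXED_DIGITS, "random mixed case letters/digits"),
    (8, PRINTABLE, "random letters/digits/punctuation"),
    (10, PRINTABLE, "random letters/digits/punctuation"),
]

def avg_crack_seconds(alphabet, length, rate=PAGE_RATE):
    """On average a brute-force search covers half the keyspace before a hit."""
    return alphabet ** length / (2 * rate)

def humanize(seconds):
    """Render a duration in the largest unit that yields a value >= 1."""
    for name, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {name}"
    return f"{seconds:.2f} seconds"

def min_length(alphabet, target_seconds, rate):
    """Shortest random password whose average crack time meets the target."""
    length = 1
    while avg_crack_seconds(alphabet, length, rate) < target_seconds:
        length += 1
    return length

if __name__ == "__main__":
    for length, alphabet, label in ROWS:
        print(f"{length:>2} {label:<36} {humanize(avg_crack_seconds(alphabet, length))}")
    # Constructed faster guess rates: length needed to keep the 70-year margin.
    for rate in (PAGE_RATE, 1e9, 1e12):
        print(f"{rate:.1e} guesses/s -> {min_length(PRINTABLE, 70 * YEAR, rate)} chars")
```

The estimate only holds for passwords chosen at random; anything built from a dictionary word falls under the first two rows of the table regardless of its length.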
