浙江网上110报警平台:帮助我翻文章

Tips for selecting password length

We will estimate the time required for an exhaustive password search attack, when the password is a random sequence of lowercase Latin letters.

We suppose that one user can check 10 passwords per second and organization (with budget about $1 billion) can check 10 billions passwords per second. We also suppose that each 2 years processor doubles it's performance, so each additional Latin letter of long password adds about 9 years against exhaustive key search attack.

So we have such estimated time for attack:
Password Length Single User Attack Organization Attack
1 2 s 1 s
2 1 min 1 s
3 30 min 1 s
4 12 hours 1 s
5 14 days 1 s
6 1 year 1 s
7 10 years 1 s
8 19 years 20 s
9 26 years 9 min
10 37 years 4 hours
11 46 years 4 days
12 55 years 4 months
13 64 years 4 years
14 73 years 13 years
15 82 years 22 years
16 91 years 31 years
17 100 years 40 years