Type and Strength of Password Generated
Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a passphrase. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters.
The Password strength of a random password against a particular attack (brute-force search), can be calculated by computing the information entropy of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula
where N is the number of possible symbols and L is the number of symbols in the password. The function log2 is the base-2 logarithm. H is typically measured in bits.
-
Entropy per symbol for different symbol sets Symbol set Symbol count N Entropy per symbol H Arabic numerals (0–9) (e.g. PIN) 10 3.32 bits Hexadecimal numerals (0–9, A–F) (e.g. WEP key) 16 4.00 bits Case insensitive Latin alphabet (a–z or A–Z) 26 4.70 bits Case insensitive alphanumeric (a–z or A–Z, 0–9) 36 5.17 bits Case sensitive Latin alphabet (a–z, A–Z) 52 5.70 bits Case sensitive alphanumeric (a–z, A–Z, 0–9) 62 5.95 bits All ASCII printable characters 94 6.55 bits Diceware word list 7776 12.9 bits
Desired password entropy H | Arabic numerals | Case insensitive Latin alphabet | Case insensitive alphanumeric | Case sensitive Latin alphabet | Case sensitive alphanumeric | All ASCII printable characters |
---|---|---|---|---|---|---|
32 bits | 10 | 7 | 7 | 6 | 6 | 5 |
40 bits | 13 | 9 | 8 | 8 | 7 | 7 |
64 bits | 20 | 14 | 13 | 12 | 11 | 10 |
96 bits | 29 | 21 | 19 | 17 | 17 | 15 |
128 bits | 39 | 28 | 25 | 23 | 22 | 20 |
160 bits | 49 | 35 | 31 | 29 | 27 | 25 |
192 bits | 58 | 41 | 38 | 34 | 33 | 30 |
224 bits | 68 | 48 | 44 | 40 | 38 | 35 |
256 bits | 78 | 55 | 50 | 45 | 43 | 39 |
384 bits | 116 | 82 | 75 | 68 | 65 | 59 |
512 bits | 155 | 109 | 100 | 90 | 86 | 78 |
1024 bits | 309 | 218 | 199 | 180 | 172 | 156 |
Any password generator is limited by the state space of the pseudo-random number generator used, if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains.
Note, however, that a different type of attack might succeed against a password evaluated as 'very strong' by the above calculation.
Read more about this topic: Random Password Generator
Famous quotes containing the words type, strength and/or generated:
“We have two kinds of conference. One is that to which the office boy refers when he tells the applicant for a job that Mr. Blevitch is in conference. This means that Mr. Blevitch is in good health and reading the paper, but otherwise unoccupied. The other type of conference is bona fide in so far as it implies that three or four men are talking together in one room, and dont want to be disturbed.”
—Robert Benchley (18891945)
“Fearlessness is a more than ordinary strength of mind, which raises the soul above the troubles, disorders, and emotions which the prospect of great dangers are used to produce. And by this inward strength it is that heroes preserve themselves in a calm and quiet state, and enjoy a presence of mind and the free use of their reason in the midst of those terrible accidents that amaze and confound other people.”
—François, Duc De La Rochefoucauld (16131680)
“It is precisely the purpose of the public opinion generated by the press to make the public incapable of judging, to insinuate into it the attitude of someone irresponsible, uninformed.”
—Walter Benjamin (18921940)