Type and Strength of Password Generated
Random password generators normally output a string of symbols of specified length. These can be individual characters from some character set, syllables designed to form pronounceable passwords, or words from some word list to form a passphrase. The program can be customized to ensure the resulting password complies with the local password policy, say by always producing a mix of letters, numbers and special characters.
The Password strength of a random password against a particular attack (brute-force search), can be calculated by computing the information entropy of the random process that produced it. If each symbol in the password is produced independently and with uniform probability, the entropy in bits is given by the formula
where N is the number of possible symbols and L is the number of symbols in the password. The function log2 is the base-2 logarithm. H is typically measured in bits.
-
Entropy per symbol for different symbol sets Symbol set Symbol count N Entropy per symbol H Arabic numerals (0–9) (e.g. PIN) 10 3.32 bits Hexadecimal numerals (0–9, A–F) (e.g. WEP key) 16 4.00 bits Case insensitive Latin alphabet (a–z or A–Z) 26 4.70 bits Case insensitive alphanumeric (a–z or A–Z, 0–9) 36 5.17 bits Case sensitive Latin alphabet (a–z, A–Z) 52 5.70 bits Case sensitive alphanumeric (a–z, A–Z, 0–9) 62 5.95 bits All ASCII printable characters 94 6.55 bits Diceware word list 7776 12.9 bits
| Desired password entropy H | Arabic numerals | Case insensitive Latin alphabet | Case insensitive alphanumeric | Case sensitive Latin alphabet | Case sensitive alphanumeric | All ASCII printable characters |
|---|---|---|---|---|---|---|
| 32 bits | 10 | 7 | 7 | 6 | 6 | 5 |
| 40 bits | 13 | 9 | 8 | 8 | 7 | 7 |
| 64 bits | 20 | 14 | 13 | 12 | 11 | 10 |
| 96 bits | 29 | 21 | 19 | 17 | 17 | 15 |
| 128 bits | 39 | 28 | 25 | 23 | 22 | 20 |
| 160 bits | 49 | 35 | 31 | 29 | 27 | 25 |
| 192 bits | 58 | 41 | 38 | 34 | 33 | 30 |
| 224 bits | 68 | 48 | 44 | 40 | 38 | 35 |
| 256 bits | 78 | 55 | 50 | 45 | 43 | 39 |
| 384 bits | 116 | 82 | 75 | 68 | 65 | 59 |
| 512 bits | 155 | 109 | 100 | 90 | 86 | 78 |
| 1024 bits | 309 | 218 | 199 | 180 | 172 | 156 |
Any password generator is limited by the state space of the pseudo-random number generator used, if it is based on one. Thus a password generated using a 32-bit generator is limited to 32 bits entropy, regardless of the number of characters the password contains.
Note, however, that a different type of attack might succeed against a password evaluated as 'very strong' by the above calculation.
Read more about this topic: Random Password Generator
Famous quotes containing the words type, strength and/or generated:
“The Republican form of government is the highest form of government; but because of this it requires the highest type of human nature—a type nowhere at present existing.”
—Herbert Spencer (1820–1903)
“Sport in the sense of a mass-spectacle, with death to add to the underlying excitement, comes into existence when a population has been drilled and regimented and depressed to such an extent that it needs at least a vicarious participation in difficult feats of strength or skill or heroism in order to sustain its waning life-sense.”
—Lewis Mumford (1895–1990)
“Here [in London, history] ... seemed the very fabric of things, as if the city were a single growth of stone and brick, uncounted strata of message and meaning, age upon age, generated over the centuries to the dictates of some now all-but-unreadable DNA of commerce and empire.”
—William Gibson (b. 1948)