
Re: Root password strength



On 20 Mar 2024 15:45 +0100, from peb@debian.org (Pierre-Elliott Bécue):
>> it should be like 32 symbols with special symbols?  Or this paragraph
>> in a handbook is rather paranoid?
> 
> It's not paranoid.

For 82 symbols (mixed-case alphanumeric plus 20 special characters),
32 characters is equivalent to about 203 bits. (82^32 ~ 2^203 or,
expressed differently, log_2(82^32) ~ 203.)

At a rate of 2^50 guesses per second, that will take about 3.6*10^38
_years_ to go through. A widely agreed-upon figure for the age of the
universe is around 1.4*10^10 years. Therefore such a password would
take, very roughly, 10^28 times the age of the universe to brute
force.

Of course, with only 32 characters actually chosen, the character set
size can in principle be reduced to 32, yielding 32^32 = 2^160
possibilities. At the same rate, that would take about 4.1*10^25
years; a measly 10^15 times the age of the universe.

I sincerely doubt that guessability of such a password will be the
weak link in overall system security.

-- 
Michael Kjörling                     🔗 https://michael.kjorling.se
“Remember when, on the Internet, nobody cared that you were a dog?”
