

Password strength: what makes a password strong?
Basically, the password strength depends on the number of possible combinations, which must be tried in order to guess (or crack) the password.
For example, the standard 4digit PIN codes are weak passwords, because there are only 10000 possible combinations. This is not a big problem for ATM machines
because the PIN code is useless without the card and most ATM machines block when the password does not match more than 23 times. However, in many other cases
it is possible to use automated password cracking tools, which can try thousands or even millions passwords per second, so any weak
password will be cracked in a matter of seconds or minutes.
The number of possible combinations depends of the symbols, which are used in the password and the password length. See the table bellow for some estimates
of the time for cracking of the passwords with different complexity on 4 typical computers. The first computer is a contemporary midlevel PC, which can test 1 million
passwords per second. The second is a future computer 10 years from now, which will be able to test 65 million passwords per second. The third computer is contemporary
midlevel supercomputer, which can test 1 billion passwords per second and the last is a future supercomputer 10 years from now, which will be able to test 65 billion
passwords per second. Please note that these are approximate estimates and the actual password testing speed may be significantly faster or slower for different types of
encryption algorithms.
4 digits 
Instantly 
Instantly 
Instantly 
Instantly 
6 letters (only uppercase or only lowercase) 
5 min 
5 sec 
Instantly 
Instantly 
6 letters (mixed case) 
6 hours 
5 min 
20 sec 
Instantly 
6 letters (mixed case) and digits 
16 hours 
15 min 
57 sec 
Instantly 
8 letters (mixed case), digits and special symbols 
23 years 
5 months 
9 days 
3 hours 
12 letters (mixed case), digits and special symbols 
615 mln. years 
9 mln. years 
615,000 years 
9460 years 


NOTE: The numbers above are valid only if the symbols of the password are truly random. If the password symbols are
not random, then the cracking times are drastically lower.





4.34 MB  5 sec with broadband






