Luc Gommans / blog
## Napkin math for password cracking

### Written on 2019-08-14

Note that "words" and "characters" are interchangeable. If you have a dictionary of 10 000 words and pick 5 words for a passphrase, or a set of 10 possible characters (e.g. 0 through 9) and pick 15 characters for a password, the calculations remain the same. Any FAQ entry for passphrases can be applied to passwords and vice versa.

You should be able to copy any calculations directly into this calculator (`apt install apcalc`, then run `calc`).

**How long will it take to crack my password?**

Assuming no protection (so no bcrypt/scrypt/argon2, just a fast hash or no hash at all): assume a trillion (`10^12`) attempts per second for a motivated attacker in 2019. This setup would cost a few thousand to buy (source) or a few dollars per hour to rent at a VPS provider. If you are super paranoid, multiply by 2 for every 18 months that the password should remain secure for, though this is an overestimation (computing power won't keep increasing that fast). If the password is stored with a proper password hash at a sane work factor, divide the rate by the cost of that hash; slowing the attacker down by orders of magnitude is the whole point of those functions.

Computing the strength of a given password depends entirely on the way you generated it. If you looked at nearby objects (tree, bench, bicycle) and made a passphrase with that, all bets are off. If you took your dog's name and old phone number... you get the picture. I'm going to assume a completely random generation method, so you used a computer or a set of dice or deck of cards or something. The math to generate the number of possible values is:

`possibilities ^ length`

So if you used 5 digits, then there are 10 possible values in each position (zero through nine), thus `10^5` = one hundred thousand. How long does it take to crack that? Well, divide a hundred thousand by a trillion. That many seconds: `10^5 / 10^12 = 10^-7`, a tenth of a microsecond.

If you used 5 words from a dictionary, and the dictionary had one thousand words, then it is `1000^5` = one quadrillion possible passwords. How long does that take to crack? Divide a quadrillion by a trillion, so a thousand seconds.

**How many bits of entropy is this?**

Let's take five digits (`10^5`) as example again. The answer is: `log(10^5)/log(2) = 16.6` bits of entropy.

**How many words do I need for a given dictionary size and strength?**

What we need to solve is `log(possibilities^length)/log(2)=bits` so that we can calculate `length`. Since `b^y = x` is the same as `y = log_b(x)`, and the base of the logarithm function in the calculator that I use is 10, the answer is

`log(10^(bits*log(2)))/log(possibilities) = length`

If you have a calculator with a different log function, for example one that uses `e` as base, then you would need to do `log(e^(bits*log(2)))/log(possibilities) = length`. Both forms simplify to `bits*log(2)/log(possibilities) = length`, which gives the same answer whatever base your `log` uses, because the base cancels out of the division.

Let's say we want 128 bits of strength and have a dictionary of 10k words, then the answer is `log(10^(128*log(2)))/log(10e3) = 9.6` words. Note that you need to round the answer up (9.1 "words" would also have turned into 10), otherwise you are underprotected.

**How large should my dictionary be for a given passphrase length and strength?**

What we need to solve is `log(possibilities^length)/log(2)=bits` so that we can calculate `possibilities`. Again assuming a base of 10 for our logarithm function, the answer is `(10^(bits*log(2)))^(1/length) = possibilities`, which simplifies to `2^(bits/length) = possibilities` in any base.

Let's say we want 128 bits of strength and pick 8 words, then the answer is that we need `(10^(128*log(2)))^(1/8) = 65 536` words in our dictionary. As with the number of words, round up if the result is not a whole number.
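The four FAQ calculations above (crack time, bits of entropy, words needed, dictionary size needed) as a small calculator. This is an added example, not code from the original post; the only number taken from the post is `10^12` guesses per second for an unprotected hash, and the slow-hash rate in the demo is a made-up figure for illustration. The two inverse calculations use integer arithmetic so that the "round up" rule cannot be defeated by floating-point error, which a plain `ceil(bits/log2(p))` can suffer when the true answer is close to a whole number.

```python
# Added example (not from the original post): the four FAQ calculations as
# functions, with exact integer arithmetic where the answer has to be a
# whole number so that "round up" never becomes "round down" through
# floating-point error. Rates and horizons are parameters; the only number
# taken from the post is 10^12 guesses/s for an unprotected (fast) hash.
import math

FAST_HASH_RATE = 10**12  # guesses per second, the post's 2019 figure (no bcrypt/scrypt/argon2)


def keyspace(possibilities: int, length: int) -> int:
    """Number of candidates for a uniformly random password: possibilities ^ length."""
    return possibilities ** length


def entropy_bits(possibilities: int, length: int) -> float:
    """log2 of the keyspace. Any log base works: log(p^n)/log(2) == n*log2(p)."""
    return length * math.log2(possibilities)


def seconds_to_crack(possibilities: int, length: int,
                     rate: float = FAST_HASH_RATE, years_ahead: float = 0.0) -> float:
    """Worst case (whole keyspace tried) at `rate` guesses per second.

    years_ahead applies the post's pessimistic rule of thumb: attacker
    speed doubles every 18 months.
    """
    grown_rate = rate * 2 ** (years_ahead / 1.5)
    return keyspace(possibilities, length) / grown_rate


def words_needed(possibilities: int, bits: int) -> int:
    """Smallest length whose keyspace reaches 2^bits (always rounded up).

    Integer loop instead of ceil(bits / log2(p)), so a result that is
    really 9.0000001 cannot collapse to 9 and leave you underprotected.
    """
    target = 2 ** bits
    length, space = 0, 1
    while space < target:
        space *= possibilities
        length += 1
    return length


def dictionary_size_needed(length: int, bits: int) -> int:
    """Smallest dictionary size p with p^length >= 2^bits (always rounded up).

    A float estimate of the length-th root gets close; the integer
    comparisons afterwards make the answer exact in both directions.
    """
    target = 2 ** bits
    p = max(2, int(round(target ** (1 / length))))
    while p ** length < target:
        p += 1
    while p > 2 and (p - 1) ** length >= target:
        p -= 1
    return p


def human_time(seconds: float) -> str:
    """Rough human-readable duration for the napkin-math output."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.3g} {unit}"
    return f"{seconds:.3g} seconds"


if __name__ == "__main__":
    # The post's own examples.
    print("5 digits:", keyspace(10, 5), "candidates,",
          f"{entropy_bits(10, 5):.1f} bits,", human_time(seconds_to_crack(10, 5)))
    print("5 words from 1000:", keyspace(1000, 5), "candidates,",
          human_time(seconds_to_crack(1000, 5)))
    print("128 bits from a 10k dictionary:", words_needed(10000, 128), "words")
    print("128 bits in 8 words: a", dictionary_size_needed(8, 128), "word dictionary")
    # Same passphrase, but stored with a slow password hash. 10^5 guesses/s
    # is a made-up rate for illustration, not a measurement of any hash.
    slow_hash_rate = 10**5
    print("5 words from 1000, slow hash:",
          human_time(seconds_to_crack(1000, 5, rate=slow_hash_rate)))
    # Pessimistic 10-year horizon with doubling every 18 months.
    print("5 words from 1000, attacker of 2029:",
          human_time(seconds_to_crack(1000, 5, years_ahead=10)))
```

`words_needed(10000, 40)` returns 4 even though `40/log2(10000)` is about 3.01, which is exactly the rounding-up rule from the previous section; the float shortcut gets this case right too, but the integer loop cannot get any case wrong.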

**How long does it take to crack with these password requirements?**

TODO. See this for now: https://lgms.nl/p/pwd-combinations.html