Luc Gommans/ blog

Napkin math for password cracking

Written on 2019-08-14

Note that "words" and "characters" are interchangeable. If you have a dictionary of 10 000 words and pick 5 words for a passphrase, or a set of 10 possible characters (e.g. 0 through 9) and pick 15 characters for a password, the calculations remain the same. Any FAQ entry for passphrases can be applied to passwords and vice versa.

You should be able to copy any calculations directly into this calculator (apt install apcalc).

How long will it take to crack my password?

Assuming no protection (so no bcrypt/scrypt/argon2): assume a trillion attempts per second for a motivated attacker in 2019. This setup would cost a few thousand to buy (source) or a few dollars per hour to rent at a VPS provider. If you are super paranoid, multiply by 2 for every 18 months that the password should remain secure for, though this is an overestimation (computing power won't increase that fast).

Computing the strength of a given password depends entirely on the way you generated it. If you looked at nearby objects (tree, bench, bicycle) and made a passphrase with that, all bets are off. If you took your dog's name and old phone number... you get the picture. I'm going to assume a completely random generation method, so you used a computer or a set of dice or deck of cards or something. The math to generate the number of possible values is:

possibilities ^ length

So if you used 5 digits, then there are 10 possible values in each position (zero through nine), thus 10^5 = ten thousand. How long does it take to crack that? Well, divide ten thousand by a trillion. That many seconds.

If you used 5 words from a dictionary, and the dictionary had one thousand words, then it is 1000^5 = one quadrillion possible passwords. How long does that take to crack? Divide a quadrillion by a trillion, so a thousand seconds.

How many bits of entropy is this?

Let's take ten digits (10^5) as example again. The answer is: log(10^5)/log(2) = 16.6 bits of entropy.

How many words do I need for a given dictionary size and strength?

What we need to solve is log(possibilities^length)/log(2)=bits so that we can calculate length. Since "b^y = x is the same as y = log_b(x)" and the base of the logarithm function that the calculator that I use uses is 10, the answer is log(10^(bits*log(2)))/log(possibilities) = length.

If you have a calculator with a different log function, for example if it uses e as base, then you would need to do log(e^(bits*log(2)))/log(possibilities) = length.

Let's say we want 128 bits of strength and have a dictionary of 10k words, then the answer is log(10^(128*log(2)))/log(10e3) = 9.6 words. Note that you need to round the answer up (9.1 "words" would also have turned into 10), otherwise you are underprotected.

How large should my dictionary be for a given passphrase length and strength?

What we need to solve is log(possibilities^length)/log(2)=bits so that we can calculate possibilities. Again assuming a base of 10 for our logarithm function, the answer is (10^(bits*log(2)))^(1/length) = possibilities.

Let's say we want 128 bits of strength and pick 8 words, then the answer is that we need (10^(128*log(2)))^(1/8) = 65 536 words in our dictionary.

How long does it take to crack with these password requirements?

TODO. See this for now: