
According to my calculations, it would take a computer about 21 trillion years to cycle through a list of 109-bit passwords at one trillion guesses per second. In other words, not crackable until computer technology takes some serious advances.

However, some sources seem to refute this, such as this one. It suggests that my password might be sufficient for financial information, and that anything above 128 bits is often overkill - meaning that it is not overkill in some situations.

Is my math terribly wrong? Are there really computers out there that can do a trillion string comparisons in one trillionth of a second, resulting in a cycle time of 21 years for my particular password's charset and length? Or am I missing something else?

1 Answer


Assuming that the characters of your password are uniformly distributed, and hence that your password is not crackable using a dictionary (or a dictionary plus some transformations): yes, it's safe.

"anything above 128 bits is often overkill" means that your password is often hashed, or salted and hashed, before being stored in the database (to protect against SQL injection attacks), and because some popular hash functions have a 128-bit output, providing more than 128 bits of input does not increase the entropy: long passwords will collide with shorter ones anyway.
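The arithmetic behind both the question's 21-trillion-year figure and the answer's 128-bit cap, as an added worked example (this code is not from the question or the answer). It assumes the question's parameters, 109 bits of entropy and one trillion guesses per second, and a constructed charset of 95 printable ASCII characters for the length-based variant; the cap is modelled simply as min(password bits, hash output bits), which is the point the answer makes.

```python
"""Brute-force cost calculator (added example, not from the original post).

Computes the entropy of a uniformly random password, the worst-case time to
exhaust its keyspace at a given guess rate, and the ceiling that the output
size of the stored hash places on how many of those bits actually matter.
"""
import hashlib
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(charset_size: int, length: int) -> float:
    """Bits of entropy for `length` symbols drawn uniformly from `charset_size`.

    Only valid when every position is independently uniform; a dictionary
    word with a digit appended has far fewer bits than this formula claims.
    """
    return length * math.log2(charset_size)


def keyspace(charset_size: int, length: int) -> int:
    """Exact number of candidates an exhaustive search must cover."""
    return charset_size ** length


def seconds_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst case: every one of the 2**bits candidates is tried.

    The expected time to hit one specific password is half of this.
    """
    return 2.0 ** bits / guesses_per_second


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    return seconds_to_exhaust(bits, guesses_per_second) / SECONDS_PER_YEAR


def hash_output_bits(algorithm: str) -> int:
    """Output size of a hashlib algorithm, e.g. 128 for md5, 256 for sha256."""
    return hashlib.new(algorithm).digest_size * 8


def effective_bits(password_bits: float, hash_bits: int) -> float:
    """An n-bit hash offers at most n bits of preimage resistance, so extra
    password entropy beyond the hash's output size does not raise the cost
    of a generic attack against the stored digest."""
    return min(password_bits, hash_bits)


if __name__ == "__main__":
    # The question's scenario: 109 bits at 10**12 guesses per second.
    print(f"109 bits @ 1e12/s: {years_to_exhaust(109, 1e12):.3g} years")

    # Constructed example: 17 characters from the 95 printable ASCII symbols.
    bits = entropy_bits(95, 17)
    print(f"95^17 keyspace = {keyspace(95, 17)} candidates ({bits:.1f} bits)")

    # The answer's point: a 128-bit digest caps what a 200-bit password buys.
    for alg in ("md5", "sha256"):
        print(f"{alg}: effective bits for a 200-bit password = "
              f"{effective_bits(200, hash_output_bits(alg))}")
```

Running it reproduces the question's number (about 2.06e13, i.e. 21 trillion, years) and shows that against an MD5-stored password anything past 128 bits of entropy is wasted, while SHA-256 raises that ceiling to 256.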