Re: brute forcing - numbers of passwords possible?

bealoid <signup@xxxxxxxxxxxxx> wrote:
A software allows a user password of up to 62 characters, selected from a
set of 95 characters.

Since this is homework, you'll forgive me for not giving you straight
answers.

Is the total number of different passwords given by:

62^95

You need to think this through. If your password has one character,
chosen from a set of 95, how many passwords are there?

How many two-character passwords are there?

How many one and two-character passwords are there?

How many passwords of up to two characters are there?

Now extrapolate.

or by:

62^95 + 61^95 + 60^95 . . . + 3^95 + 2^95 + 1^92

And if it's the latter, is there an easier way to do it than the way I've
shown?

Have you actually shown anything yet?

When talking about brute forcing such a password is it best to say "there
are X number of passwords possible", or "there are X possible passwords,
but you'd expect to break a password with brute force after Y tests"?

That depends on what you want to say. If you want to say the former,
then you should say the former. If you want to say the latter, you
should say the latter.

What do you want to say about brute force attacks?

And what would Y be, about X/2?

Under certain assumptions, that's about right.

--
Kristian Gjøsteen
.

Relevant Pages

  • Re: US Military bans HTML in emails
    ... Complex passwords are not that much harder to ... Consider a password with a choice of X different characters for each ... takes using all upper- and lowercase letters, ... I can see only two advantages of complex passwords: ...
    (comp.os.vms)
  • RE: Basic question
    ... If somebody else hasn't covered it already, I'll try to send out a Kerberos ... > Unicode character set and can be up to 128 characters long, ... > Pre-W2K user interfaces limits do not allow passwords to ... I believe that you are referring to *LM* hashes. ...
    (Focus-Microsoft)
  • Re: Paper & pencil password algorithm
    ... generator and generate a password as a permutation of a whole ... The advantage of a random sequence generator is that I can make my ... I can't imagine ever wanting passwords ... convenience I'll probably keep most of them between 20 and 50 characters ...
    (sci.crypt)
  • RE: Password statistics and standards
    ... If you shut off the storage of LM hashes, over 9 Characters will buy you ... Take a look at Perfect Passwords for some creative ideas: ... information about accounts which is helpful in telling me ... Norwich University ...
    (Security-Basics)
  • Re: US Military bans HTML in emails
    ... You mean like requiring 6-character passwords to now be "complex"? ... the need for non-alpha characters. ... I've seen passwords with zeros for O's and 3's for E's. ... What hacker ever think of that? ...
    (comp.os.vms)