This would make a 123-bit space, which would render the password close to impossible to memorize. Although the pace of Moore’s law appears to be decreasing, it is wise to take it into account for passwords that you hope will remain secure for a long time.įor a truly strong password as defined by ANSSI, you would need, say, a sequence of 16 characters, each taken from a set of 200 characters. Moore’s law (which says that the computer-processing power available at a certain price doubles roughly every two years) explains why a relatively weak password will not suffice for long-term use: over time computers using brute force can find passwords faster.
#POINT PASSWORDS PLUS TO THE DATA FILE 64 BITS#
It considers 64 bits to be very small (very weak) 64 to 80 bits to be small and 80 to 100 bits to be medium (moderately strong). In fact, the agency recommends a possibility space of 128 bits to guarantee security for several years. Encryption involves representing data in a way that ensures it cannot be retrieved unless a recipient has a secret code-breaking key. (Mathematicians refer to the possibility spaces as having entropy of 29 and 75 bits, respectively.) The French National Cybersecurity Agency (ANSSI) recommends spaces having a minimum of 100 bits when it comes to passwords or secret keys for encryption systems that absolutely must be secure. For the example of six lowercase letters above, the computation results in 29 bits for the more complex, 12-character example, it is 75 bits. The “integer” in the formula indicates that the decimal portion of that log value is omitted, rounding down to a whole number-as in integer(28.202638… 28). In the formula, the value of log 2 (N) is a real number with many decimal places, such as log 2(26 6) = 28.202638…. That number, N, is derived from this formula: 1 + integer(log 2( N)).
The multitude of possibilities makes it impractical for a hacker to carry out a plan of attack that might have been feasible for the six-character space.Ĭalculating the size of these spaces by computer usually involves counting the number of binary digits in the number of possibilities.
If your computer spent a second visiting the six-character space, it would have to devote two million years to examining each of the passwords in the 12-character space. A computer running through all the possibilities for your 12-character password one by one would take 62 trillion times longer. That is more than 62 trillion times the size of the first space. If you are told to select a 12-character password that can include uppercase and lowercase letters, the 10 digits and 10 symbols (say, !, #, $, %, ^, &, ?, / and +), you would have 72 possibilities for each of the 12 characters of the password.
For example, if you were told to use six lowercase letters-such as, afzjxd, auntie, secret, These choices are independent: you do not have to use different letters, so the size of the password space is the product of the possibilities, or 26 x 26 x 26 x 26 x 26 x 26 = 26 6. When you are asked to create a password of a certain length and combination of elements, your choice will fit into the realm of all unique options that conform to that rule-into the “space” of possibilities. I will also explain how hackers can uncover passwords even when stolen data sets lack is the logic behind setting hack-resistant passwords. I will explain the mathematical rationale for some standard advice, including clarifying why six characters are not enough for a good password and why you should never use only lowercase letters. Obviously such measures add safety, but how exactly? We are also told to change our choices regularly. At one time or another, we have all been frustrated by trying to set a password, only to have it rejected as too weak.
0 kommentar(er)
