Random 3 word password generator

8/12/2023

Choosing as few as three random words will generally be longer than a typical random password, and can be more secure because it’s easier to manage and more likely to be used properly. Password reuse is to be avoided, and password vaults should be used, but adding the option of three (or more) random words to your password arsenal can help improve your security in a pragmatic way.

When we’re talking about choosing random characters, the subset is pretty well defined: 26 letters, upper and lower case, 10 digits, and then some number of “special characters”. Assuming 10 for the latter, that’s a total of 72 possibilities for each single character. With that information, we can calculate the possibilities:

- A two-character combination has 72*72 possibilities: 5184.
- An eight-character password made of random characters has 72^8 possible combinations: 722,204,136,308,736, aka ~7.2e+14 aka ~722 trillion.

In order to compare using three words to using long, random-character passwords, we need to make some assumptions about the number of words you and I are likely to choose from. There are apparently 171,146 words in the English language, at least according to the Oxford English Dictionary as quoted by the BBC. More realistically, they indicate most native speakers understand 15,000 to 20,000 words. Let’s be conservative and use a 10,000 word pool to choose from.

- A single word, thus, is one of 10,000 possibilities.

But wait. An attacker trying every possible word out of our pool of 10,000 could potentially brute-force attack a three-word password in less time than they could brute-force attack all possible eight-character passwords.

Attack differences

Brute-force attacks on an eight-character password try every possible eight-character password. All 722,204,136,308,736 of them.

Brute-force attacks on three-word passwords can try all trillion combinations, but that’s not enough.

So, how exactly did you enter that three-word password?

Just knowing that it’s a three-word password isn’t enough. You also have to get the separators and capitalization right. This makes a word-based brute-force attack significantly more difficult than the numbers might imply.

With one list of 10,000 common English words having an average length of just over five characters, a three-word password will average 15 characters, plus more for the various separation techniques listed above. It’s the equivalent of a 16-character random password for a try-every-possible-character brute-force attack - an attack that’s not feasible with today’s technology.

And if you want to completely block word-based brute-force attacks, just add a single word or string that doesn’t appear in any dictionary or word list to every password. With that, the chances of being discovered by brute force fall to the minuscule.

Besides, there are easier ways for hackers to get passwords these days. While hackers might do some limited amount of character-based brute force, since the number of people using word combinations remains low, I’d imagine trying all the combinations of words is not on the radar of many hackers.

One of the more pragmatic attack modes is to try all passwords previously discovered anywhere, ever. Any time a new password is discovered, it’s simply added to the list and tried in future attempts. I suspect this gives the hackers a pretty high success rate.

As long as your password is long - say 16 characters - and random - either random characters or words - it’s unlikely to have ever been used before, and unlikely to appear on that list.

The article that spurred this little thought exercise - “The logic behind three random words,” by the UK’s National Cyber Security Centre - focuses primarily on usability as the driving factor.
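The following is an added example, not code from the original article: a three-word generator that draws from the operating system's CSPRNG, with helpers that reproduce the article's 72^8 and 10,000-word-pool figures. The 16-word sample pool, the four separator styles, the three capitalization styles and all function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample pool for illustration; the article assumes about 10,000 words.
SAMPLE_WORDS = ["anchor", "basket", "copper", "dragon", "ember", "forest",
                "garden", "harbor", "island", "jacket", "kettle", "lantern",
                "meadow", "needle", "orchid", "pepper"]
SEPARATORS = ["", "-", " ", "."]            # assumed separator styles
CASE_STYLES = ["lower", "title", "upper"]   # assumed capitalization styles


def char_keyspace(alphabet=72, length=8):
    """Candidates for a random-character password (the article's 72^8)."""
    return alphabet ** length


def word_keyspace(pool=10_000, words=3, formats=1):
    """Candidates for a word password; formats counts separator/case variants."""
    return pool ** words * formats


def bits(keyspace):
    """Search-space size expressed in bits."""
    return math.log2(keyspace)


def words_needed(pool, target):
    """Smallest word count whose keyspace reaches target (formatting ignored)."""
    n = 1
    while pool ** n < target:
        n += 1
    return n


def generate(pool=SAMPLE_WORDS, words=3, sep=None, style=None, extra=None):
    """Draw words, separator and case from the OS CSPRNG via secrets.
    extra is the optional non-dictionary string the article suggests adding."""
    sep = secrets.choice(SEPARATORS) if sep is None else sep
    style = style or secrets.choice(CASE_STYLES)
    case = {"lower": str.lower, "title": str.capitalize, "upper": str.upper}[style]
    parts = [case(secrets.choice(pool)) for _ in range(words)]
    return sep.join(parts + ([extra] if extra else []))


if __name__ == "__main__":
    formats = len(SEPARATORS) * len(CASE_STYLES)
    print(generate(extra="q7zv"))
    print(f"8 random chars: {bits(char_keyspace()):.1f} bits")
    print(f"3 words, format known: {bits(word_keyspace()):.1f} bits")
    print(f"3 words, format unknown: {bits(word_keyspace(formats=formats)):.1f} bits")
    print("words to match 72^8:", words_needed(10_000, char_keyspace()))
```

Under the assumed 12 formatting variants, three words from a 10,000-word pool still give a smaller search space than 72^8, while a fourth word exceeds it.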