Skip to main content

Beware!! Math Ahead!!!

(Or A Proof for Password Security)

Here's a quick mathematical explanation on password security.  First, let's define some terms:
U: the set of possible passwords
||:  denotes the size of a set
a: the available character set
n: the length of the password

The formula for determining the possible set of all passwords is U = {a}n

For example, if you can only use the last three letters of the alphabet for passwords, and you have a password length of 2, then
U = {x, y, z}2, or U = {xx, xy, xz, yy, yx, yz, zz, zx, zy}
Therefore, the size of U is the number of elements in a raised by the length of the password, or
|U| = |a|n
Therefore, the more elements you have in a and the longer n, the larger the size for U, or the more possibilities you have for any given password.

How does this relate to password security?

Most hackers use a guessing algorithm to attempt to guess a user's password.  If you only use letters or numbers, you severely limit the possible password set and make the hacker's job easier.  But if you use both letters and numbers, you make the hacker's job harder.  Add in special characters, and the work load goes up exponentially.

For example, let's say you need to create an 8 character password.
  • Using only numbers, |U| = 108, or 100 million
  • Using only letters, |U| = 268, or over 208 billion
  • Using all alphanumeric characters, |U| = 368, or over 288 trillion 
  • Using alphanumeric and special characters, |U| = 468, or so big you need to use scientific notation
I typically use a password length of 16, so even if I only use numbers there is still 1016, or 1 quadrillion possible passwords.

This is why security experts want you to use long passwords with a combination of alphanumeric and special characters.


Popular posts from this blog

Wordless Wednesday: Dymaxion Car

By Supermac1961 from CHAFFORD HUNDRED, England - Type Dymaxion, 1933, CC BY 2.0  

We Now Interrupt this Blog For a Funeral

  The perfect gentle man  dog Last week, I received a terrifying phone call.  My son's dog, Kareem was hit by a car.  The entire situation does not bear repeating, because it was an unfortunate accident.  There was no way anyone without the ability to see the future could have prevented it. All Wednesday, we sat around on pins and needles as the status reports came in.  Kareem seemed to be okay; his front left leg wasn't working but didn't look broken.  Probably nerve damage that may or may not heal on its own.  His right eye was swollen - would he lose his eye? Kareem lasted for over 10 hours.  Then the call came in.  Kareem went into cardiac arrest. He died. Waiting for his daddy (my son) to come home Wednesday night was one of those times that demark a before and after time - an event that makes a lasting impression, creating an internal division in your personal history.  Before I had a grandpuppy named Kareem who loved it when I sang to him.  After ... well, after my f

Wordless Wednesday: Floating to the Wedding

Due to flooding, this couple floated to the temple in a large cooking pot. Alappuzha, Kerala, India @Shilpa1308/Twitter