Password strength calculation is only based on character types, not on total length #21

Open
rleroi opened this issue Mar 25, 2022 · 0 comments


rleroi commented Mar 25, 2022

See https://xkcd.com/936/

A longer password takes longer to crack, but when I insert a really long password, the meter only shows 50%.

An interesting Microsoft TechNet blog article shows how, by looking at the formula to calculate bits of entropy (the measure in bits of how difficult it is to hack a password), the role of length is emphasized. The formula is log(C) / log(2) * L where C is the size of the character set and L the length of the password; from a mathematical standpoint, it is clear how L, the length, has a predominant role in the calculation of the entropy bits. C normally includes symbols, lower and upper case characters and numbers for a total of 96 possible characters or less, if some are excluded: “When looking at passwords in this light, it really starts to become clear how much more important the password length is, as opposed to the defined complexity requirements. To further this point, if you’re using passwords with a character set of 10 (only numbers), in order to achieve the same amount of entropy as a character set of 94 (all possible ASCII characters), you only have to double the password’s length. To say it another way, a password that is 16 characters long made up of only numbers provides the same level of difficulty-to-crack as an 8-character password made up of the 94 possible characters.”

From https://resources.infosecinstitute.com/topic/password-security-complexity-vs-length/
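
The formula quoted in the issue, worked through as an added example (not part of the original issue and not this project's code). `classOnlyScore` is a hypothetical stand-in for a meter that only counts character types; the pool sizes and the 80-bit target are assumptions.

```javascript
// Added illustration. Pool sizes assume printable ASCII without space:
// 26 lower + 26 upper + 10 digits + 32 symbols = 94, as in the quoted article.
const CLASSES = [
  { name: "lower",  re: /[a-z]/, size: 26 },
  { name: "upper",  re: /[A-Z]/, size: 26 },
  { name: "digit",  re: /[0-9]/, size: 10 },
  { name: "symbol", re: /[!-\/:-@\[-`{-~]/, size: 32 },
];
const TARGET_BITS = 80; // assumed threshold at which the meter shows 100%

function classesUsed(pw) {
  return CLASSES.filter((c) => c.re.test(pw));
}

// Hypothetical type-only meter: the score ignores length entirely.
function classOnlyScore(pw) {
  return pw ? (classesUsed(pw).length / CLASSES.length) * 100 : 0;
}

// log(C) / log(2) * L, with C inferred from the character classes present.
// This is an upper bound: it assumes every character was picked uniformly at
// random, so human-chosen patterns such as "Tr0ub4dor&3" are overestimated.
function entropyBits(pw) {
  const pool = classesUsed(pw).reduce((n, c) => n + c.size, 0);
  const length = Array.from(pw).length; // count code points, not UTF-16 units
  return pool === 0 ? 0 : Math.log2(pool) * length;
}

// Length-aware percentage for a meter, capped at 100.
function lengthAwareScore(pw) {
  return Math.min(100, Math.round((entropyBits(pw) / TARGET_BITS) * 100));
}

// Constructed sample passwords, for demonstration only.
const samples = [
  "correcthorsebatterystaple2022", // long, two classes
  "Tr0ub4dor&3",                   // short, four classes
  "1234567890123456",              // 16 digits
  "aB3$xY7!",                      // 8 characters from all 94
];
for (const pw of samples) {
  console.log(
    pw.padEnd(30),
    `class-only ${classOnlyScore(pw)}%`,
    `bits ${entropyBits(pw).toFixed(1)}`,
    `length-aware ${lengthAwareScore(pw)}%`
  );
}
```

The 16-digit and 8-character samples land within a bit of each other, which is the equivalence the quoted article describes, while the type-only score rates the long two-class password at 50%.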
