Gotcha: How long does it take to hack a 16-character password?

First, how many of us have a 16-character password?

If the over-under is 1, I’m betting the under.

 

image

Still, let’s pretend that that your passwords are 16-characters long – a mix of capital and lower case letters, numbers and special characters.

Here’s how long it takes to crack it …

According to the Daily Mail, given a 1 –hour time limit, a team of hackers cracked  more than 14,800 cryptographically hashed passwords – from a list of 16,449 – as part of a hacking experiment for tech website Ars Technica.

That’s a 90% success rate … almost 250 passwords per minute …  about 1/4th of a second per password.

How did they do it?

A mixture of brute-force attempts, wordlists, statistically generated guesses using Markov chains, and other rules to turn a list of hashed passwords into plain text.

The brute force part was accomplished  using  a 25-computer cluster that can cracks passwords by making 350 billion guesses per second.

For tech details, see the the Daily Mail article.

The process and capabilities are fascinating … and mucho scary.

* * * * *
Follow on Twitter @KenHoma                  >> Latest Posts

One Response to “Gotcha: How long does it take to hack a 16-character password?”

  1. Alexander S Says:

    How do you feel about using facial recognition or fingerprints as your password on a smartphone or computer?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s