Hacker News new | ask | show | jobs
by throwaway13239 2197 days ago
Could you quickly explain the math behind this please? Genuinely curious
1 comments
rockland 2197 days ago
For every character in the password, you have 26 possible letters to choose from in an English alphabet.

Brute forcing this, you would have to try every combination. Which means for a four-letter long password: 26x26x26x26 = 456 976 possible passwords.

For a 10 letter long password: 26^10 = 141167095653376 possible passwords.

link
sneak 2196 days ago
You forgot the other 26 uppercase letters, and the 10 digits 0-9. Looks good otherwise, but the result is much larger with a base of 62.

Clarifying it further is “number of days to brute-force if you can try (eg) 10k requests/sec”.

link
rockland 2196 days ago
Absolutely, you are of course correct. The uppercase letters and digits - together with the special characters like "!._-,...".

I kept it to 26 letters to keep the math simpler (or rather - the numbers smaller, for myself, really).

Number of days to brute-force if 10k requests/sec (26 letters still...):

4-length password = 45 seconds

10-length password = 453 years

Please give me a heads up if my math is off.

link