Hacker News new | ask | show | jobs
by rockland 2201 days ago
For every character in the password, you have 26 possible letters to choose from in an English alphabet.

Brute forcing this, you would have to try every combination. Which means for a four-letter long password: 26x26x26x26 = 456 976 possible passwords.

For a 10 letter long password: 26^10 = 141167095653376 possible passwords.
1 comments
sneak 2200 days ago
You forgot the other 26 uppercase letters, and the 10 digits 0-9. Looks good otherwise, but the result is much larger with a base of 62.

Clarifying it further is “number of days to brute-force if you can try (eg) 10k requests/sec”.

link
rockland 2200 days ago
Absolutely, you are of course correct. The uppercase letters and digits - together with the special characters like "!._-,...".

I kept it to 26 letters to keep the math simpler (or rather - the numbers smaller, for myself, really).

Number of days to brute-force if 10k requests/sec (26 letters still...):

4-length password = 45 seconds

10-length password = 453 years

Please give me a heads up if my math is off.

link