How strong is the password? How long will it take to be cracked?
Recently I tried to encrypt an entire hard disk with TrueCrypt.
It has a configuration wizard that sometimes asks you to choose from a list. It also asks you to provide a strong password, around 20 characters. For this password, I wonder what I am going to use as the password, and how I can remember twenty characters for one password while also remembering other passwords such as my session password, my mail password, etc.
So it came to my mind to find a technique (or algorithm) to get a “strong password”.
The first thing I did was develop a password generator (mine is in C#) that can generate a random password of a specified length containing letters, numbers, signs and, optionally, punctuation.
Following are sample passwords I generated with my little software (50 passwords). I saved them in a text file, and I must not lose it, otherwise I will be in trouble, big trouble that cannot be repaired.
And then my algorithm is this:
My password is all of the first four prime numbers (for example), meaning:
• Number 2 : C_fuj$Stapr?53U@
• Number 3 : F6JUy=SU2@57ezaw
• Number 5 : KA_?epHUS*U&apAW
• Number 7 : @pa9a4!?Maju4WUr
My password in the end is:
C_fuj$Stapr?53U@F6JUy=SU2@57ezawKA_?epHUS*U&apAW@pa9a4!?Maju4WUr
(65 characters)
So what I must remember is the words “all four first prime number”, and I must not lose my passwords text file, which I need for reference.
I can even optimize this algorithm, for example: between each prime number I put a semicolon (;), slash (/), space ( ) or anything I want.
So what do you think about this, guys?
I appreciate any comments or other techniques.
Thanks.

Password strength is a complex subject.
Technically speaking, a random password with a mix of upper- and lower- case alpha, numerics and special characters is the strongest.

However, if the user cannot remember it, then he will write it down - normally on a Post-it attached to the monitor.

This can mean the strong passwords are the weakest of all!

But then, you get people who have a strong password, fully memorised, but who then use the same password for all systems. A single security breach means all systems are vulnerable!

I would recommend a semi-strong approach: A mix of upper- and lower- case alpha, numerics and special characters that you can remember.

Personally, I have a GUID generator for new passwords, and store all of them in an encrypted file with a strong password I can remember. That way, I do not re-use passwords for multiple systems, but still only have to remember a single one. (I also guard that file and back it up a lot!)
 
Comments
[no name] 18-Mar-11 5:54am    
Nice answer take my 5+
Albin Abel 18-Mar-11 6:00am    
Good advice. Agreed that the strongest passwords are easy to forget and become weak when we write them down. 5
Espen Harlinn 18-Mar-11 6:30am    
Good thinking - 5ed!
Sergey Alexandrovich Kryukov 20-Mar-11 20:18pm    
Agree, a 5.
--SA
Yeah, I know your point and I agree with you, but in the case of hard disk encryption I said that the password should be at least 20 characters and must be mixed. Then the problem is how I can remember 20 characters without missing one. Of course I can remedy that by using a significant password, but whoever says significant says weaker. Storing the password in an encrypted file, like all of us do, is a risk too when the so-called strong password is less strong than the stored one.
You said "the strong passwords are the weakest of all". I do not agree with you on this point, because I think you are playing with a paradoxical point of view. Why call it strong if it is the weakest?
But for the case I described, I only need to remember not a password but some kind of formula. So even if someone got my password list, she/he would not guess the right password easily.
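
Added example, not part of the original posts: a rough strength estimate for the scheme discussed in this thread, comparing the case where the list file stays secret with the case where it is known. The 72-symbol alphabet, the four joiner choices and all function names are assumptions made for illustration.

```python
import math
from itertools import permutations

ALPHABET_SIZE = 72   # assumption: 26 + 26 letters, 10 digits, 10 signs
LIST_SIZE = 50       # entries in the saved text file (from the question)
ENTRY_LEN = 16       # length of each generated entry (from the question)

def random_bits(length, alphabet_size=ALPHABET_SIZE):
    """Entropy in bits of a uniformly random string."""
    return length * math.log2(alphabet_size)

def candidates_with_list(list_size, max_parts, n_separators):
    """Passwords to consider once the list is known: any ordered choice of
    1..max_parts distinct entries, joined by one of n_separators joiners
    (the empty joiner counts as one)."""
    total = 0
    for k in range(1, max_parts + 1):
        joiners = n_separators if k > 1 else 1
        total += math.perm(list_size, k) * joiners
    return total

def enumerate_candidates(entries, max_parts, separators):
    """Brute-force version of the count above, to cross-check it on a tiny list."""
    out = set()
    for k in range(1, max_parts + 1):
        for combo in permutations(entries, k):
            for sep in (separators if k > 1 else [""]):
                out.add(sep.join(combo))
    return out

def report():
    """Bits of strength for each situation, under the assumptions above."""
    secret = random_bits(4 * ENTRY_LEN)                        # list never leaks
    known = math.log2(candidates_with_list(LIST_SIZE, 4, 4))   # "", ";", "/", " "
    return {"list_secret_bits": secret,
            "list_known_bits": known,
            "random_20_char_bits": random_bits(20)}

if __name__ == "__main__":
    for name, bits in report().items():
        print(f"{name}: {bits:.1f}")
```

Under these assumptions the formula alone is worth about 24 bits once the file is known, versus about 123 bits for a 20-character random password, so the strength of the scheme rests on keeping the file secret rather than on the formula.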
 
This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


