Math IA Final Draft New
What is the strength of all possible passwords, and how much
time will a computer take to crack all possible passwords?
Table of contents:
1. Introduction
2. Investigation
b. Dictionary attack
3. Conclusion
4. Evaluation
5. Bibliography
6. Appendix
1. Introduction
Everyone has secrets; it is human nature to have something to keep for
ourselves. A password is a tool for keeping people's secrets. Many people see
passwords as a modern invention, but passwords have been used since ancient
transmit messages and information. The Greek historian Polybius described how the
Roman legion used a passphrase system that shares many of the characteristics of
the digital age that we are currently living in, passwords have become a necessity in
our lives, which has led the internet to store approximately 1.2 million terabytes of
information (Appendix 1). Passwords are used for the identification of
social media accounts, mail, bank, technological gadgets, etc. Hence, creating a
strong password is crucial to protect your data on the internet. Aside from the
they are easily cracked. In fact, hackers can crack any password with the right
hardware and software; it's just a matter of time. However, a strong password can
Throughout my essay, I will derive a formula for the probability that each possible
password is cracked and for how much time is needed to crack it. The
2 cracking techniques that I will be using are the brute force attack, which is a method
that tries all the combinations of letters and numbers to break the password, and
2. Investigation
In real life, when we sign up for a new social media platform or a website such as Gmail,
Instagram, Facebook, etc., it often imposes certain password requirements, which
to make the barrier to entry stronger. So, what determines a strong password? To
answer this question, I will use the formulas I created to calculate the strength of
passwords.
cracking your password. Thus, the lower the probability of cracking your password,
the stronger the password. The probability of breaking a password depends on 3 factors:
the number of characters used, the length of the password, and the hacking
method.
given to break. In order to break this password, the computer will have to try $10^{8}$
possible passwords to get the 8 numbers right. Therefore, the probability of breaking
the password “74785693” in just one try is $\frac{1}{10^{8}} = 10^{-8}$.
Thereby, the formula for the strength of the password is derived:
$$\text{strength of password (number of combinations)} = N^{L}$$
N refers to the number of characters (fixed) and L refers to the length of the
password. For example, a numeric password will have 0~9, which has 10 characters
100,000,000,000 passwords per second (appendix 2), which means that it takes
$1 \times 10^{-11}$. Using the same password “74785693” as above, the strength of the
$$\text{strength of password} = N^{L}$$
$N = 10$
$L = 8$
The strength of the password: $N^{L} = 10^{8}$
The time needed for a computer to break the password can be calculated by this
formula:
$$t = \frac{10^{8}}{10^{11}} = 0.001 \text{ seconds}$$
Hence, as you can see, this password can be cracked by hackers in less than a
second. However, when the complexity of the password increases, the time needed
to crack the password will increase as well. To prove this statement, I will add
$N = 62$
$L = 8$
$$\text{strength of password} = N^{L} = 62^{8} = 218{,}340{,}105{,}584{,}896 = 2.18 \times 10^{14}$$
$$t = \frac{\text{strength of the password}}{\text{speed}} = \frac{2.18 \times 10^{14}}{10^{11}} = 2183.401 \text{ (seconds)} = 36 \text{ minutes } 23 \text{ seconds}$$
The results that I calculated show that both of the passwords have the same length,
yet the more complex password with 62 characters is $\frac{2183.401}{0.001} = 2183401$ times
stronger than the less complex password with 10 characters, so it proves that the
password can give a stronger password, I will use another example in which the
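$$\text{strength of password} = N^{L}$$
$N = 10$
$L = 16$
The strength of the password: $N^{L} = 10^{16}$
$$t = \frac{\text{strength of the password}}{\text{speed}} = \frac{10^{16}}{10^{11}} = 100000 \text{ (sec)} = 27 \text{ hr } 46 \text{ min } 40 \text{ sec} = 1 \text{ day } 3 \text{ hr } 46 \text{ min}$$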
My results show that even though the longer password contains numbers only (N=10), it is
$\frac{100000}{2183.401} = 45.8 \approx 46$ times stronger than the one
that is only 8 characters long but draws on 62 characters (N=62). Hence, I can
conclude that the length of the password plays a more important role in the strength
correlation between the strength of a password and the complexity of the password.
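| Length of the password (in numbers) | The time needed to crack the password (s) |
|---|---|
| 7 | $\frac{10^{7}}{10^{11}} = 0.0001$ |
| 8 | $\frac{10^{8}}{10^{11}} = 0.001$ |
| 9 | $\frac{10^{9}}{10^{11}} = 0.01$ |
| 10 | $\frac{10^{10}}{10^{11}} = 0.1$ |
| 11 | $\frac{10^{11}}{10^{11}} = 1$ |
| 12 | $\frac{10^{12}}{10^{11}} = 10$ |
| 13 | $\frac{10^{13}}{10^{11}} = 100$ |
| 14 | $\frac{10^{14}}{10^{11}} = 1000$ |
| 15 | $\frac{10^{15}}{10^{11}} = 10000$ |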
Figure 1: the exponential growth between the time needed to crack the password
when the complexity of the password increases, the strength of the password
increases too.
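| Length of the password (in numbers) | The time needed to crack the password (s) |
|---|---|
| 7 | $\frac{62^{7}}{10^{11}} = 35.2$ |
| 8 | $\frac{62^{8}}{10^{11}} = 2183.4$ |
| 9 | $\frac{62^{9}}{10^{11}} = 135370.9$ |
| 10 | $\frac{62^{10}}{10^{11}} = 8392994.7$ |
| 11 | $\frac{62^{11}}{10^{11}} = 520365606.8$ |
| 12 | $\frac{62^{12}}{10^{11}} = 3226266762.9$ |
| 13 | $\frac{62^{13}}{10^{11}} = 2000285393268.6$ |
| 14 | $\frac{62^{14}}{10^{11}} = 124017694346575$ |
| 15 | $\frac{62^{15}}{10^{11}} = $ 7.6891E+15 |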
Figure 2: the relationship between the time needed to crack the password and the
My calculations above use the brute force attack method to break the
password. However, people sometimes use dictionary words or words that are
meaningful to them, instead of random numbers and characters, to create their
password, because dictionary words are easier to remember. This has led
hackers around the world to create another cracking method called the dictionary attack,
in which they load a specific dictionary into the program and test each word until
To differentiate between brute force attack and dictionary attack, I will test the
$$\text{strength of password} = N^{L} = 26^{17} = 1.1 \times 10^{24}$$
$$t = \frac{\text{strength of the password}}{\text{speed}} = \frac{1.1 \times 10^{24}}{10^{11}} = 1.1 \times 10^{13}$$
into the program, the formula for the dictionary attack will remain the same as for the
brute force attack; the only thing that changes is that N will be the total number of words
in the specific dictionary and L will be the number of words in the password. For example,
in this case the number of words in the dictionary (N) is 140,000 words and the
$$\text{strength of password} = N^{L} = 140{,}000^{3} = 2.7 \times 10^{15}$$
$$t = \frac{\text{strength of the password}}{\text{speed}} = \frac{2.7 \times 10^{15}}{10^{11}} = 27440 \text{ (sec)}$$
The dictionary attack takes $\frac{1.1 \times 10^{13}}{27440} = 4.1 \times 10^{8}$ (s) times less time than using the brute
force attack to break the password “trigonometryisfun”. This result shows that
passwords that contain dictionary words can be broken quickly when hackers are
Managebac
Managebac is an online planning, assessment, and reporting platform for all IB schools
including upper case letters, symbols and numbers, so it is worth knowing how strong
upper case alphabet letters, 10 numbers, and 40 symbols found on our laptop. The
strength of the password can be calculated using the formula that I derived above:
$N = 26 + 26 + 10 + 40 = 102$
$L = 8$ (minimum characters)
$$\text{strength of password} = N^{L} = 102^{8} = 1.2 \times 10^{16}$$
The time needed for a computer to break the password can be calculated by:
$$t = \frac{\text{strength of the password}}{\text{speed}} = \frac{1.2 \times 10^{16}}{10^{11}} = 117165.9 \text{ (sec)} = 1952 \text{ min } 45 \text{ sec}$$
The amount of time for hackers to hack into a Managebac account need 1952
characters password to crack so it is better to create a longer and more complex
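The essay's two search spaces (characters for brute force, dictionary words for a dictionary attack) can be combined into one strength estimate that always takes the smaller space. The Python code below is an added example, not part of the original essay; the function names are hypothetical and `SAMPLE_WORDS` is a constructed five-word stand-in for the 140,000-word dictionary.

```python
import string
from fractions import Fraction

GUESSES_PER_SECOND = 10**11   # rate the essay cites from its Appendix 2
DICTIONARY_SIZE = 140_000     # dictionary size the essay assumes
SYMBOL_COUNT = 40             # keyboard symbols counted in the Managebac section
# Constructed stand-in for the real word list (assumption of this example).
SAMPLE_WORDS = {"trigonometry", "is", "fun", "math", "password"}

def alphabet_size(password):
    """N for brute force: total size of every character class that appears."""
    n = 0
    for chars in (string.ascii_lowercase, string.ascii_uppercase, string.digits):
        if any(c in chars for c in password):
            n += len(chars)
    if any(c in string.punctuation for c in password):
        n += SYMBOL_COUNT
    return n

def brute_force_keyspace(password):
    """N^L with N = alphabet size and L = password length."""
    return alphabet_size(password) ** len(password)

def fewest_words(password, words=SAMPLE_WORDS):
    """Fewest dictionary words that concatenate to the password, else None."""
    best = [0] + [None] * len(password)   # best[i]: fewest words spelling password[:i]
    for end in range(1, len(password) + 1):
        for start in range(end):
            if best[start] is not None and password[start:end] in words:
                if best[end] is None or best[start] + 1 < best[end]:
                    best[end] = best[start] + 1
    return best[-1]

def dictionary_keyspace(password):
    """N^L with N = dictionary size and L = number of words, else None."""
    count = fewest_words(password)
    return None if count is None else DICTIONARY_SIZE ** count

def worst_case_seconds(password):
    """Seconds to exhaust the smaller search space at the assumed guess rate."""
    spaces = [brute_force_keyspace(password), dictionary_keyspace(password)]
    return Fraction(min(s for s in spaces if s is not None), GUESSES_PER_SECOND)

if __name__ == "__main__":
    for pw in ("74785693", "trigonometryisfun", "aB3$efgh"):
        print(pw, alphabet_size(pw), float(worst_case_seconds(pw)))
```

A password policy check built on this would load a real word list in place of `SAMPLE_WORDS`; the rating for "trigonometryisfun" then follows the dictionary figure rather than the much larger character-based one.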
Evaluation:
gadgets now use the identification of fingerprints and face to secure information from
the owner. Hence, my calculations might not be suitable in this situation. Other than
which may make my results inaccurate. So, to make my investigation closer
to reality, I could have used another real-life hacking method to justify my answer,
exploring the probability and finding out the time needed with no information given in
Conclusion:
have found out that the length of a password can make a password stronger rather
dictionary words easily, hence, it is worthwhile to include upper case letters, symbols,
conclude that a strong password is longer and contains upper and lower case
letters, symbols, and numbers. However, I believe that my investigation is useful
and important to everyone living in this advanced technological century as the
Appendix:
1. Starry Blog. 2021. How Big Is The Internet? Hint: Probably A Lot Bigger Than You Think.
2. The Conversation. 2021. A computer can guess more than 100,000,000,000 passwords per
<https://theconversation.com/a-computer-can-guess-more-than-100-000-000-000-passwords-
per-second-still-think-yours-is-secure-144418#:~:text=It%20achieved%20a%20rate%20faster,
<https://help.managebac.com/hc/en-us/articles/360019113471-Creating-Strong-Passwords-th