Forums Community Password length

This topic contains 3 replies, has 2 voices, and was last updated by  Svante 6 years, 11 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #6257 Reply

    Jorge

    I want to sign up to axcrypt but before I do could somebody tell me how long my password should be? I’m going to be keeping it in a password manager.

    How many passwords per second does axcrypt limit brute force cracking to even on a super-computer?

    #6268 Reply

    Svante
    Spectator

    Hello Jorge,

    We don’t focus on length, but on complexity. That said – at least 10 characters, digits and symbols.

    The second question can’t be answered in a precise way. AxCrypt uses a dynamic number of iterations to strengthen the effective password length with 12-14 bits (very approximately and it depends on the encrypting computer). The speed of the “super computer” is affected by the amount of money spent on it.

    The better questions are:

    1) What is the effective length of your password? Our password manager generates strong passwords at around 90 bits.

    2) How many bits effective key length / second do you think the presumed attacker has a budget for?

    #6271 Reply

    Jorge

    According to my password manager my password has 180 bits of entropy. It’s 32 characters, mixed case, numbers and symbols.

    The password manager is extremely secure itself, it’s hardware based and requires a smartcard + PIN to unlock.

    Would this be sufficient to thwart any realistic attack on my password? Without any information on the number of iterations it’s hard to tell.

    #6276 Reply

    Svante
    Spectator

    Hello Jorge,

    I have no idea of the quality of the estimation of your password manager, but 32 characters is indeed very long. If it’s not a simple phrase in english or based on some other system that once known by an attacker reduces the search space, it’s a very strong password. With or without extra iterations.

    So, yes, that will thwart any realistic attack.

Viewing 4 posts - 1 through 4 (of 4 total)
Reply To: Password length
Your information: