. A system allows the user to choose a password with a length of one to eight ch

Question

. A system allows the user to choose a password with a length of one to eight characters, inclusive. Assume that 10,000 passwords can be tested per second. The system administrators want to expire passwords once they have a probability of 0.10 of having been guessed. Determine the expected time to meet this probability under each of the following conditions.

a. Password characters may be any ASCII characters from 1 to 127, inclusive.

b. Password characters may be any alphanumeric characters (“A”

through “Z,” “a” through “z,” and “0” through “9”).

c. Password characters must be digits.

Explanation / Answer

For all cases, let
c = number of characters in the alphabet.
R = the rate of guessing, 104 scaled to the appropriate time unit.
N = the total number of passwords
T = the time to reach the expected probability of having a password broken
Then
(R x T) / N = 0.10, the total number of guesses over the total number of passwords is the probability 1/10
T = N / (10R)
The total number of passwords is
N= S-1 = =80iiccc--119
a. Password characters may be any ASCII characters from 1 to 127 inclusive.

      c = 127 then T = 6.82x1011 seconds = 21,629 years

b. Password characters may be any alphanumeric characters (“A” through “Z”, “a” through “z”, and “0” through “9”.
    c = 62 then T = 2.2x109 seconds = 70 years

c. Password characters must be digits (“0” through “9”).
       c = 10 then T = 1,111 seconds = 18 minutes

Related Questions

Navigate

• Browse (All)
• Browse #
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.