Choosing good passwords

Derrick Donnelly, one of Apple’s security professionals, made these very interesting suggestions for choosing a good password in his farewell mail.

My final words

Remember security starts at the keyboard in front of you:

A 6 character password has about fifty six billion (56,800,235,584) possibilities and the average computer (the G5 is even faster) can try all combinations (crack them) in 2.5 hours.

A 7 character password has about three and a half trillion (3,521,614,606,208) possibilities and a computer can try all combinations in about 1 week.

An 8 character password has about two hundred trillion (218,340,105,584,896) possibilities and a computer can try all its combinations in about a year.

A 9 character password would take about 70 years for a computer to try all combinations.

They say the chips coming in about a year could halve these times! Now if you do not want to wait for next year’s chip, you can always put 2 computers in parallel and halve the time. In theory you could put 365 computers in parallel and break 8 character passwords in just over a day (Virginia Tech just put 1100 G5s in parallel). Do you think hackers have friends?

Computers have a lot more time on their hands than we do and most of the bad guys don’t have jobs. The next person asking for your social security number could be just a few clicks away from your stock options.

If you just got a chill down your back or just got a little paranoid; good, my work is done.

Use an 8 character password (9 characters is better)… You would make this security professional very happy if you would change your passwords after you read this e-mail : )
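The arithmetic behind the e-mail's figures, as an added example that is not part of the original e-mail or this post. It assumes a 62-character alphabet (upper- and lower-case letters plus digits, which reproduces the quoted 56,800,235,584 count), derives the guess rate implied by "6 characters in 2.5 hours", and assumes perfectly linear scaling across machines; all function names are illustrative.

```python
# Added example: reproduces the e-mail's keyspace and time figures.
ALPHABET = 62  # assumption: a-z, A-Z, 0-9 (62**6 == 56,800,235,584, as quoted)
DAY = 86400
YEAR = 365 * DAY

def keyspace(length, alphabet=ALPHABET):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet ** length

def implied_rate(length=6, seconds=2.5 * 3600):
    """Guesses per second implied by 'all 6-character passwords in 2.5 hours'."""
    return keyspace(length) / seconds

def exhaust_seconds(length, rate, machines=1):
    """Worst-case time to try every candidate; assumes linear scaling."""
    return keyspace(length) / (rate * machines)

def min_length(target_seconds, rate, machines=1):
    """Shortest length whose full keyspace takes at least target_seconds."""
    length = 1
    while exhaust_seconds(length, rate, machines) < target_seconds:
        length += 1
    return length

def human(seconds):
    """Render a duration in the largest sensible unit."""
    if seconds >= YEAR:
        return f"{seconds / YEAR:.1f} years"
    if seconds >= DAY:
        return f"{seconds / DAY:.1f} days"
    return f"{seconds / 3600:.1f} hours"

if __name__ == "__main__":
    rate = implied_rate()
    print(f"implied rate: {rate:,.0f} guesses/s")
    for n in range(6, 10):
        print(n, f"{keyspace(n):,}", human(exhaust_seconds(n, rate)),
              "| x365:", human(exhaust_seconds(n, rate, 365)),
              "| x1100:", human(exhaust_seconds(n, rate, 1100)))
    print("length to outlast 10 years against 1100 machines:",
          min_length(10 * YEAR, rate, 1100))
```

These are worst-case times for uniformly random passwords; the average case is half of each figure, and passwords built from words or patterns fall much sooner.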

You can learn more about choosing good passwords. And hey, do follow them!

On a side note, I remember learning to code during the undergrad years just for the thrill of cracking passwords. I can still feel how beautiful it was when I did manage to do it. Sheer bliss. I understood then why people take so much effort to hack into classified sites and just play around with files until they make one stupid mistake and get caught.

It is the sheer satisfaction of the EGO … The Ego Trail that keeps us going.