0

Imagine that I'm an evil genius, and I had the brilliant idea of creating a botnet for brute forcing passwords. Or I'm just the owner of the Echelon, and I have a farm of distributed servers around the globe to decrypt passwords.

How long and complex should a password be to resist such an attack (and no more sophisticated than that)?

  • 4
    This might answer your question: https://security.stackexchange.com/q/118450/10863 (this one is also relevant: https://security.stackexchange.com/q/168479/10863) – Luc Oct 20 '19 at 14:55
  • Brute force will always win (eventually) – schroeder Oct 20 '19 at 16:21
  • 1
    You have two concepts here, "Brute Force" and "Decrypt" that are not necessarily related. "Decrypt" implies you have encrypted content to work with, whereas "Brute Force" may or may not, as in password guessing. Entropy math is well referenced, but environment can be an overriding factor. For example, if you are "Brute Forcing" a remote access, then the access speed will severely limit the attack to much less than might otherwise be possible. Throw in password retry limits in the interface and it becomes dramatically less. – user10216038 Oct 20 '19 at 16:26

0 Answers
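The entropy arithmetic the comments refer to, worked through as an added example that is not part of the original question or comments. It assumes uniformly random passwords, and every guess rate, the 100-year horizon, the 1% success bound and the lockout policy are constructed assumptions, not figures from the page.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed attacker guess rates (constructed for illustration, not from the page).
OFFLINE_FAST_HASH = 1e12   # large distributed rig against a fast, unsalted hash
OFFLINE_SLOW_KDF = 1e5     # same rig against a deliberately slow password hash
ONLINE_LOCKOUT = 5 / 900   # remote login: 5 tries, then a 15-minute lockout

ALPHABETS = {"digits": 10, "lowercase": 26, "mixed-case alnum": 62, "printable ASCII": 95}


def required_bits(guesses_per_second, years, max_success_probability):
    """Entropy (bits) so the attacker covers at most the given fraction of the keyspace."""
    guesses = guesses_per_second * years * SECONDS_PER_YEAR
    return math.log2(guesses / max_success_probability)


def min_length(alphabet_size, bits):
    """Shortest uniformly random password over the alphabet carrying at least `bits`."""
    return math.ceil(bits / math.log2(alphabet_size))


def years_to_exhaust(alphabet_size, length, guesses_per_second):
    """Years needed to try every password of exactly `length` symbols."""
    return alphabet_size ** length / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    scenarios = [
        ("offline fast hash", OFFLINE_FAST_HASH),
        ("offline slow KDF", OFFLINE_SLOW_KDF),
        ("online + lockout", ONLINE_LOCKOUT),
    ]
    for label, rate in scenarios:
        # Target: at most a 1% chance of a hit after 100 years of guessing.
        bits = required_bits(rate, years=100, max_success_probability=0.01)
        sizes = ", ".join(f"{name}: {min_length(n, bits)}" for name, n in ALPHABETS.items())
        print(f"{label:<18} {bits:5.1f} bits -> minimum length by alphabet: {sizes}")
```

The lengths only hold for passwords drawn uniformly at random; human-chosen passwords carry far less entropy than their length and character set suggest.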