1

I have a quick question regarding password cracking.

Lets say you append a 5 digit pin on the end of your password. An example would be instead of a password of "password" it would be "password12345".

So when trying to crack the password using bruteforce or a dictionary you would have to append every possible pin combination on the end for every single attempt.

So in reality how much more difficult would that make it? I'm guessing not much.

Improve this question
1

1 Answer 1

Reset to default
1

A 5 digit decimal number has 100,000 possible states, so it increases the time to crack by factor 100,000.

This assumes that the cracker expects you use a common word plus a 5-digit number.

Improve this answer
3
  • that's probably not a lot right in terms of password cracking, a factor of 100,000?
    – CBaker
    Commented Feb 18, 2016 at 17:05
  • 1
    @CBaker that depends completely on how long it takes to crack your password without, which depends heavily on how it is stored. One hour or 12 years makes a lot of difference. One millisecond or one and a half minute not so much.
    – Philipp
    Commented Feb 18, 2016 at 17:07
  • 2
    Appending a 5 digit number to the end of a password adds log₂(100000) ≃ 16.6 bits of entropy. To prevent even sophisticated off-line brute force attacks is have the entropy of your password generation process should be more than ~80 bits (equal to 38 million computers trying a password every nanosecond for a year). Assuming no underlying flaws like keyloggers or reusing the same passwords at multiple sites (even just once typing password at an evil site), or can't be bribed or threatened to give the pw up for much less than the electricity bill for a year of 38M computers.
    – dr jimbob
    Commented Feb 18, 2016 at 17:22

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .