Security: Long easy password vs. shorter jumble


#1 Evolution


    Neowinian Senior

  • 4,564 posts
  • Joined: 06-April 02

Posted 06 October 2010 - 02:35

I was wondering which is considered more secure out of the two? e.g. Hellomynameisjohnsmith vs. G8dB$_g87hgd*
Are most dictionary attacks just single words? Do most brute force attempts only try letters due to the enormous number of possibilities?

#2 Nagisan


    Neowinian Senior

  • 5,319 posts
  • Joined: 02-June 06

Posted 06 October 2010 - 02:48

Probably the longer one as long as it's not as easy to guess as your example.

Brute force attacks are most likely to work when they try every combination of upper and lower case letters, and all numbers and symbols. But, at the same time, those take the longest to try.

So if no one knows how long your password is and it's 20 characters, even if it's only letters, their brute force will generally try everything from 1 to 20 characters of all letters upper AND lower case, as well as numbers and symbols, which will take MUCH longer to get than if it tries the same thing for only 8 characters.

As long as no one knows how long your password is and what it consists of (such as only letters), the longer the password the better protected it is from brute force attacks.

According to http://howsecureismypassword.net/

Hellomynameisjohnsmith = 179 Sextillion years
G8dB$_g87hgd* = 7 Billion years

EDIT: But, it shouldn't be easily guessable like the example you gave if someone knows John Smith.
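
Added example, not part of either post: a Python sketch that scores the two passwords from the thread under a per-character brute-force model and under a word-based dictionary model. The word list, the 10,000-word dictionary size and all function names are assumptions made for illustration; the word-based figure is an upper bound that treats the words as chosen independently at random, which a natural phrase is not.

```python
import math
import string

# Constructed sample word list; a real cracking dictionary is far larger.
WORDS = {"hello", "my", "name", "is", "john", "smith"}
DICT_SIZE = 10_000  # assumed size of the guesser's common-word list

def charset_size(pw):
    """Alphabet size a per-character brute force must cover for pw."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def bruteforce_bits(pw):
    """Search space in bits when every character is guessed independently."""
    size = charset_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def split_words(pw, words=WORDS):
    """Shortest split of pw into dictionary words, or None if impossible."""
    pw = pw.lower()
    best = [None] * (len(pw) + 1)
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + [pw[start:end]]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(pw)]

def wordlist_bits(pw):
    """Search space in bits when whole words are guessed; None if not word-based."""
    parts = split_words(pw)
    return None if parts is None else len(parts) * math.log2(DICT_SIZE)

if __name__ == "__main__":
    for pw in ("Hellomynameisjohnsmith", "G8dB$_g87hgd*"):
        wb = wordlist_bits(pw)
        print(f"{pw}: per-character {bruteforce_bits(pw):.1f} bits, "
              f"word-based {'n/a' if wb is None else f'{wb:.1f} bits'}")
```

Per character the long password scores higher, which matches the ranking quoted from the strength checker, but once it is treated as six dictionary words its estimate drops below the 13-character jumble.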