Wednesday, November 4, 2009

How much is that password worth?

These people have published details about how they used Amazon EC2 to crack passwords:
http://news.electricalchemy.net/2009/10/cracking-passwords-in-cloud.html

Personally, I skipped all the details and went straight to the interesting conclusions page:
http://news.electricalchemy.net/2009/10/password-cracking-in-cloud-part-5.html

It tells you how much it will cost someone (in EC2 charges) to crack your passwords, based on their lengths and the number of characters you use.

I used to think 8 characters was a good password. Seems it is worth about $3, or $45 if I've mixed in some numbers. Gulp. And all this is assuming there are no dictionary words in there. Double gulp.

2 comments:

Keith said...

The article says that a 9-character password with full uppercase and lowercase, alphanumeric, and symbols, is going to cost $10M to crack at current prices.

darren said...

Keith wrote: "a 9-character password with full uppercase and lowercase, alphanumeric, and symbols"

Unfortunately those passwords are hard to remember and I then have to write them down and tape them to my monitor ;-)