? What is the best password length?

Posted May 28, 20208 min read


Original address: https://advancedweb.hu/what-i...

Original Author:Tamás Sallai

1 Introduction

How to choose a password to best protect you and prevent data leakage.

2 . Password strength

Of course, the stronger the password, the better. With the existing password management software, you can quickly and automatically generate and fill in passwords of any length. However, how many digits should the password be the best, is there a reasonable lower limit as a rule of thumb

The following is a typical password generator interface:


Note:Its password length can be set to 8-100 characters

3 . Before a data breach, a good password is everything you have

But to understand what is a secure password, let's see what happened on the other side!

When you create an account, the service you are registering will store the password in one of many existing password encryption forms. Put the password directly into the database, or use an existing algorithm to hash it.

Some of the most commonly used hashing algorithms include:

  • MD5
  • SHA-1
  • Bcrypt
  • Scrypt
  • Argon2

The advantage of storing hashed data instead of the password itself is that the password is not in the database. You only need to know which hash data is yours, you don't need to know what its specific value is. When you log in, the password provided is hashed with the same algorithm. If the result matches the stored value, then you have proved that you know the password. In the case where the database is compromised, the password is unrecoverable.


3.1 Password cracking

Password cracking is when an attacker attempts to reverse the hash function and recover the password from the hash. Using a good hashing algorithm, it is impossible to recover the password, but it is impossible to try various inputs to see if they produce the same result. If you want to find such a match, you need to recover the password from the hash.


Choosing a good algorithm is important here. SHA-1 is designed for speed, which helps the cracking process. Bcrypt, Scrypt and Argon2 are designed to make cracking as high as possible in various ways at high cost, especially on dedicated hardware, the difference is huge.

Considering only the speed, the SHA-1 hash password that cannot be cracked is like this:0OVTrv62y2dLJahXjd4FVg81.

Use the correctly configured security password for the Argon2 hash:Pa $$w0Rd1992.

As you can see, choosing the right hash algorithm can make a weak password unbreakable.

Remember, this depends only on the implementation of the service you want to register. Moreover, you cannot know which part of the algorithm is implemented. You can ask, but they may not even respond or say that they take security seriously.

Do you believe that the company will take the security of the password seriously and use a good hash algorithm instead of a very bad one? View the list of corrupted databases, especially the hashes used. Many of them still use MD5, most use SHA-1, and some use bcrypt. Some even store passwords in plain text.

There is a prejudice here, because we only know what hash is used by the compromised database, and companies that use weak algorithms are likely to fail to protect their infrastructure. But looking at this list, I'm sure you will find some familiar names that you wouldn't think of. Just because a company looks large and has a good reputation does not mean that they will do the right thing.

3.2 Choose Password

As a user, how much impact may the following operations have on you?

With plain text passwords, you can do nothing. If the database disappears, your password strength is not important.

With the properly configured algorithm, the security of your password doesn't matter much, not considering the small cases like 12345 and asdf.

But between these two, especially SHA-1, your choice is important. Hash functions are usually not suitable for passwords, but if you use secure passwords, you can make up for the lack of algorithms.

Hash algo asdf AJnseykp 8VjB2qwD7eN3eG4Fjkfeks
None - - -
MD5 - -
SHA-1 - -
Bcrypt - \ *
Scrypt - \ *
Argon2 - \ *

It depends on the configuration. These hashes have different moving parts that affect their strength, but when properly configured, they can prevent attempts to crack.

Bottom line:If you use strong passwords, then you are more protected from attacks than weak passwords. Since you do n t know how secure the password storage is, you ca n t be sure what is safe enough for a given service. So, assuming the worst case, set a strong password.

3.3 A password is not enough

We need to consider whether to use a password manager and generate a unique password for each site. In actual situations, when a site service is compromised and you use your known email address and password to attempt attacks at other sites, multiple passwords will protect you from password reuse attacks. Password reuse is one of the very common problems and a huge threat.


This can be avoided by generating a new password for each site. A database is stolen, and the hacker knows everything in the database, so why protect the password?

The reason is that when you do not know that the database has been compromised and continue to use the service. In this case, the hacker can access all your future activities on the site. You may add another credit card later, they still know. A strong password means that they cannot log in to your credentials and cannot affect your future activities.


4 . How to use entropy to measure password strength

Password strength is all related to entropy. Entropy is a value that represents the randomness of a password. Because we are dealing with large numbers, it is not so much that there are 1,099,511,627,776(2 to the 40th power) different variables, it is better to say that it has 40 bits of entropy. The key to password cracking is the number of password variants, because the more password variants, the more time it takes to try all possibilities.

For random characters generated by the password manager, the entropy is easy to calculate:log2( ^ ).

The length is negligible, but what is the number of different characters? It depends on the character type of the password.

Character types Examples Number of characters
Only lowercase letters abc 26
\ + Capital letters aBc 52
\ + Number aBc1 62
\ + Special character aB? C1 84

For example, a password of length 10(containing a random mix of upper and lower case letters) has log2(52 ^ 10) = 57 bit entropy.

The above mathematical expression can be simplified to use the log2(n ^ m) = m * log2(n) expression to see the effect of a single character of a given class on the overall intensity. This results in:<length> * log2(<number of different characters>), where the second part is the entropy of each character. Above table, use this formula

Character Type Example Entropy/Character(Bit)
Only lowercase letters Examples abc Number of characters 4.7
\ + Capital letters aBc 5.7
\ + Number aBc1 5.95
\ + Special character aB? C1 6.4

To calculate the strength of a password, consider the type of characters it consists of, get the entropy number from the table, and multiply it by the length. The example above(lowercase and uppercase letters of length 10) yields 5.7 \ * 10 = 57 digits. However, if the length is increased to 14, the entropy will jump to 79.8 bits. However, if you keep the length at 10, but add numbers and special characters, the total entropy will be 64 bits.

The above expression provides a quick way to calculate password entropy, but there is a caveat. It only applies when the characters are independent of each other, this only applies to the generated password.

The password H8QavhV2gu satisfies this condition, so it has 57 bits of entropy.

But characters like Pa $$word11, which are easier to remember, have the same length and more character classes, but have much less entropy. The cracker can try all combinations only by performing some conversions on the words in the dictionary.

Therefore, any calculation based on the entropy multiplied by the length of the character type is only valid for the generated password.

5 . The criterion of entropy

The greater the entropy of the password, the harder it is to crack, but what is the entropy enough? The general view is that ~ 16 characters should be sufficient for the password. Depending on whether it contains special characters, the password output is between 95-102 digits. But what is the threshold? 80? 60 people? Or is it too low even when using 102 bits?

There is another algorithm that is similar in speed to a bad password hashing algorithm, but it is better studied:AES encryption.

It is used to encrypt all secrets in various government and military institutions, so its strength is fully considered. And it's fast, so if you can't crack a key with a specific entropy, then AES will be very useful for passwords with wrong(but not broken) hash values.

NIST(National Institute of Standards and Technology) is an entity that defines how much length is appropriate in the foreseeable future. For AES-128 from 2019 to 2030 and beyond, their recommendation is 128 bits.


Another suggestion specifically for the length of key passwords is to use at least 112 bits of entropy.

For the federal government, the application of encryption protection(such as encrypted or signed data) requires a security strength of at least 112 bits.

To use lowercase and uppercase letters and numbers to obtain 128 bits of entropy, you need an entropy of length 22(5.95 \ * 22 = 131 bits). ##

6 . Other considerations

6.1 Why are there no special characters?

I tend not to use special characters because they break the boundaries of words. This means that you need to click 3 times instead of 2 times to select the password. If I accidentally fail to paste part of the password into the input field, an error will occur.

Using only characters and numbers, double-clicking will always select the entire password.

6.2 What if there is a maximum length?

Some websites stipulate the maximum length of the password to prevent you from using 22 characters. In some cases, it will reach an extreme length, such as requiring exactly 5 digits.

In this case, using the maximum available length, you can do very little.

There are also some suggestions on how the service handles passwords and limits the length of passwords, obviously for them. NIST said:It must be at least 64 characters long to support the use of pass phrases. Users are encouraged to use whatever characters they like(including spaces) to store the secrets as long as possible, which helps to remember.

Remember, the way the service can store passwords goes from bad to super, they wo n t tell you how they did it? The shorter password length gives the impression that their strength will be poor.

in conclusion

Strong passwords are needed, even if you do not reuse them. Strength is measured by entropy, and you should target 128 bits. The combination of lowercase + uppercase + numeric password of length 22 can check 128 bits. This password will protect you in the event of data leakage.

Follow me not to get lost