Enter password to test: premaintenance disdainful hayloft seer
too long
your password strength is medium
Enter password to test: NXJCWGGDVQZO
your password strength is weak
Enter password to test: Password1
strong
Your knowledge of password strength is: weak.
Explanation
Password strength is normally measured in "bits of entropy" — the idea being that if a password has been picked randomly from a pool of similar passwords of size N, then its entropy is log₂ N bits.
The first password I tried above was picked using a method suggested by Randall Munroe, like this:
>>> words = list(open('/usr/share/dict/words'))
>>> import random
>>> random.SystemRandom().shuffle(words)
>>> print(' '.join(w.strip() for w in words[:4]))
premaintenance disdainful hayloft seer
Its entropy can be calculated like this:
>>> from math import log
>>> l = len(words)
>>> log(l * (l - 1) * (l - 2) * (l - 3), 2)
71.39088438576361
This is a strong password—a cracker that tried a billion such passwords a second would take on average about 50,000 years to find it.
The second password is also strong, but not as good as the first. I generated it like this:
$ </dev/random base64 | tr -cd A-Z | head -c 12
NXJCWGGDVQZO
Its entropy is 12 × log₂ 26 = 56.4 bits. Not as good as the first password, but still strong.
The third password is, of course, the weakest. password1 is about the 600th most common password (according to Mark Burnett, here) and the initial capital letter is a common substitution that password cracking programs know all about.
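The entropy arithmetic used in the answer above, generalised into reusable functions. This is an added example, not code from the original answer; the function names and the tiny SAMPLE_WORDS list are constructed for illustration, standing in for a real word list such as /usr/share/dict/words.

```python
import math
import secrets

def passphrase_entropy_bits(wordlist_size, k):
    """Entropy of k distinct words taken in order from a shuffled list of the given size."""
    if not 0 < k <= wordlist_size:
        raise ValueError("need 0 < k <= wordlist_size")
    # log2(n * (n-1) * ... * (n-k+1)), summed term by term to avoid huge integers
    return sum(math.log2(wordlist_size - i) for i in range(k))

def random_string_entropy_bits(length, alphabet_size):
    """Entropy of `length` symbols drawn independently and uniformly from the alphabet."""
    if length < 1 or alphabet_size < 2:
        raise ValueError("need length >= 1 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)

def average_crack_years(bits, guesses_per_second):
    """Expected search time: on average half of the 2**bits pool is tried before a hit."""
    seconds = 2 ** bits / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def generate_passphrase(words, k=4):
    """Pick k distinct words with the OS CSPRNG and report the entropy of that choice.

    Blank lines and duplicate entries are dropped first, so the entropy figure
    reflects the real pool size rather than the raw line count of the file.
    """
    pool = sorted({w.strip() for w in words if w.strip()})
    if len(pool) < k:
        raise ValueError("word list too small")
    chosen = secrets.SystemRandom().sample(pool, k)  # same as shuffle + first k
    return " ".join(chosen), passphrase_entropy_bits(len(pool), k)

# Constructed sample input: note the duplicate "seer" and the empty entry.
SAMPLE_WORDS = ["hayloft\n", "seer\n", "disdainful\n", "seer\n", "",
                "anvil\n", "quorum\n", "marsh\n"]

if __name__ == "__main__":
    phrase, bits = generate_passphrase(SAMPLE_WORDS, 4)
    print(f"{phrase!r}: {bits:.2f} bits from a 6-word pool (far too small for real use)")
    upper = random_string_entropy_bits(12, 26)
    print(f"12 random A-Z letters: {upper:.1f} bits, "
          f"{average_crack_years(upper, 1e9):.2f} years at 1e9 guesses/s")
    print(f"71.39-bit passphrase: {average_crack_years(71.39088438576361, 1e9):,.0f} years")
```

The entropy is a property of how the password was generated, not of the resulting string, which is why a checker that only inspects length and character classes ranks these three passwords in the wrong order.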