

Ask HN: How secure would this password be, practically speaking? - andrewstuart2

So I currently have a rule for myself that I don't let any new passwords be shorter than my previous password. As you may guess, my passwords are getting quite long after a few years of having to change every N days. This got me thinking.

I know it's low entropy, but as a guess on how most modern brute force attacks work, I was wondering how secure something like this would be, both conceptually and practically:

1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAaaaaaaaaaaaaaaaaaaaaa
======
chrisBob
Not at all. I always use a password cracker that starts with a dictionary
attack based on every word posted on HN.
1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaAaaaaaaaaaaaaaaaaaaaaa
will now be one of the first passwords to go.

------
jtchang
I would say fairly secure based on length

Here is the reason:

1\. It is 101 characters. If I was brute force attacking I'd imagine I'd
target passwords <32 characters. Probably more like 8-16.

2\. It has [a-zA-Z0-9]. This isn't bad, but isn't optimal. Add some symbols or
non ASCII characters to really screw up brute force attacks.

3\. If for some reason this is the password on a system that is not hashing
but encrypting and using a cipher in ECB then it is definitely not secure.

Honestly if this was a password on a giant list I'd skip it and move on to
easier targets.

------
phaus
According to
[https://howsecureismypassword.net/](https://howsecureismypassword.net/), it
would take A billion quinquagintillion years for a normal PC.

Not sure how reliable its calculations are.
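
Added example (not part of the thread, and not code from any participant or from the linked site): a comparison of a length-only strength estimate with one that counts candidates under a "few long runs of one character" model, which is the structure the posted password has. `SAMPLE` is a constructed string of the same shape and the 101-character length stated above, and the run model is an assumed guessing order used for estimation, not a description of any specific tool.

```python
import math
from itertools import groupby

ALPHABET = 62  # [a-zA-Z0-9], the character set named in the thread

def runs(password):
    """Run-length encode: 'aaAb' -> [('a', 2), ('A', 1), ('b', 1)]."""
    return [(ch, len(list(group))) for ch, group in groupby(password)]

def naive_bits(password, alphabet=ALPHABET):
    """Length-only estimate: each position is an independent uniform choice."""
    return len(password) * math.log2(alphabet)

def run_model_candidates(max_len, max_runs, alphabet=ALPHABET):
    """Count strings of length <= max_len built from at most max_runs runs.

    For exactly k runs and total length n there are
    alphabet * (alphabet - 1)**(k - 1) ways to pick the run characters
    (adjacent runs must differ) and C(n - 1, k - 1) ways to split n into
    k positive run lengths.
    """
    total = 0
    for n in range(1, max_len + 1):
        for k in range(1, min(max_runs, n) + 1):
            chars = alphabet * (alphabet - 1) ** (k - 1)
            total += chars * math.comb(n - 1, k - 1)
    return total

def run_model_bits(password, alphabet=ALPHABET):
    """Bits of work if guesses are ordered by 'no more runs, no longer'."""
    k = len(runs(password))
    return math.log2(run_model_candidates(len(password), k, alphabet))

# Constructed sample: same shape as the posted password (digit, long run of
# 'a', one 'A', another run of 'a'), 101 characters in total.
SAMPLE = "1" + "a" * 77 + "A" + "a" * 22

if __name__ == "__main__":
    print("length:", len(SAMPLE), "runs:", runs(SAMPLE))
    print("length-only estimate: %.1f bits" % naive_bits(SAMPLE))
    print("run-model estimate:   %.1f bits" % run_model_bits(SAMPLE))
```

The gap between the two figures is the point: a calculator that only looks at length and character classes reports the first number, while the structure of the string supports only the second.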

------
MrTortoise
good luck typing it

