Passwords, can they be near unbreakable?

Name: Anonymous 2008-09-22 13:01

Got a question. I know a few basic things about encryption, like how they say you need to make a password lengthy, use numbers, symbols and upper and lower case letters. But isn't password length essentially the most useful? For example, what if I made a password 50 characters, but all just 123 repeated? It's 50 characters long. Wouldn't it take ages for even a powerful computer to crack it?

See, I'm wondering why it matters if you have symbols/case changes or not. Doesn't a computer simply try one at a time, regardless of what it actually is? Like 123 is the same to a computer as !5E, isn't it?

Do partial matches and patterns register when searching? Or does it need the entire password at once to get through? If so, length seems like the only important thing.

Another option. Couldn't you just create an insanely bizarre 120 character password and then copy and paste it? Assuming no keyloggers catch it, that would keep every (human) out, because you could easily hide it in a mix of other random numbers in another file. It could be a box of code hundreds of lines long, and to find it you just look for the starting 3 numbers or something and copy and paste from there.

It's mostly a curiosity thing, but I wonder if these methods would work.

Name: Anonymous 2008-09-22 23:21

Complexity of a password is not just a property of its length, but the range of possible characters within that length.  If you can only choose between two characters, "A" and "B" for example, even a 200 character password will be easy to break.

Symbols/case changes matter because they increase the range of valid characters.  Given a password of any given length, if we know that it only has the 26 valid characters a-z, it will be easier to crack than one with more valid characters, i.e. those that include symbols, mixed cases and numbers.  An example: for a four character long password, if you use only a-z, the number of possible combinations would be 26x26x26x26.  This increases to 52x52x52x52 if you allow a-z and A-Z.

Definitely matters for countering brute force attacks, as a cracker wants to enhance his/her productivity by not bothering to test for characters that are not going to even be in the password.

123 is not the same to a computer as !5E.  123 is stored as the bytes 00 31 00 32 00 33, and !5E is stored as 00 21 00 35 00 45.

God, if a login problem allows partial matches to say "Ok, this password is good" it deserves to be hacked to bits.  What most authenticators do is store the hash of the user's chosen password.  The hash of the login password is compared with this hash; if the hashes match, the user authenticates.

About your other option, that's basically what digital certificates are.  Hope no one is logging your clicks and WM_* messages as well.  Furthermore, hope that none of your data is written to a paging file unencrypted, or sent to Microsoft as the result of an error report, or stored in slack space in hard drive sectors.

Name: Anonymous 2008-09-23 0:33

>>2
Thank you for the reply. I'm still not clear though on how the computer can tell if my password is made of simply letters/numbers, or if it has symbols included. So therefore it has to try all of them, right? That's what I meant by being the same.

In other words a computer (or person for that matter) doesn't know beforehand what you decided to use, so they may try numbers first, but that's just a guess. And if there's 50 of them? They can assume it's made of 1's and 2's, or it could be every key on my keyboard, and a few accented characters as well. Either way it has to start from scratch and go one by one, right?

Thanks again. This is neat stuff.

Name: Anonymous 2008-09-23 1:39

>>3
Progression and repetition are really quite simple and common patterns; it's not hard to program a password cracker to test for such things first rather than just starting with every possible alphanumeric combination from '0' to 'ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ'.

Just think of it as a numeric 'dictionary attack', where '123' is a word.  If the obvious guesses don't succeed, /then/ the brute force attack can commence.
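
Added example, not written by any poster in this thread: a small strength estimator that puts the range-times-length count from >>2 next to the "patterns first" point from >>4, for use when judging a candidate password. The cost model in `pattern_aware_bits` (a guess is a repeated unit plus a total length) and the sample passwords are assumptions made for illustration.

```python
import math
import string

POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)

def charset_size(pw):
    """Size of the character range a guesser must cover for pw."""
    size = sum(len(p) for p in POOLS if any(c in p for c in pw))
    others = {c for c in pw if not any(c in p for p in POOLS)}
    return max(size + len(others), 2)

def naive_bits(pw):
    """log2 of range**length: exhaustive search over every combination."""
    return len(pw) * math.log2(charset_size(pw))

def smallest_period(pw):
    """Length of the shortest unit that, repeated, produces pw."""
    n = len(pw)
    for p in range(1, n):
        if all(pw[i] == pw[i % p] for i in range(n)):
            return p
    return n

def is_progression(unit):
    """True for runs such as '123' or 'cba' (constant step of +1 or -1)."""
    steps = {ord(b) - ord(a) for a, b in zip(unit, unit[1:])}
    return steps in ({1}, {-1})

def pattern_aware_bits(pw):
    """Rough estimate when repetition and progression are tried first.

    Assumed model: a guess is (unit, total length); a progression unit is
    (start character, direction, unit length).
    """
    unit = pw[:smallest_period(pw)]
    if is_progression(unit):
        unit_bits = (math.log2(charset_size(unit)) + 1
                     + math.log2(len(unit)))
    else:
        unit_bits = naive_bits(unit)
    total = unit_bits + math.log2(max(len(pw), 2))
    return min(total, naive_bits(pw))

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real system.
    for pw in ("123" * 16 + "12", "AB" * 100, "k9#Qz!r2Lw"):
        print(f"{pw[:12]:<12} len={len(pw):<3} naive={naive_bits(pw):6.1f} "
              f"pattern-aware={pattern_aware_bits(pw):5.1f} bits")
```

The 50-character "123" password scores high on length alone and very low once repetition is considered, while the 10-character mixed password keeps its full estimate.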
