Use passwords generated by PasswordAttendant at your own risk!

The strength calculator calculates the average amount of time that it would take to crack your password if a brute force attack was employed.  A brute force attack is one where every possible combination is tested.  Using such an attack, one may get lucky and discover your password on the very first test or they may be unlucky and not discover the password until the very last possible combination is tested.  Our calculator takes this into consideration and calculates the average time it might take. 

Here's how we do it:

1. We calculate the total possible combinations that could be generated with the defined mask.
2. We divide that value by 3,153,600,000,000,000 (100 million * the number of seconds in a year).  This returns the number of years it would take to test every combination.
3. We then divide the time by 2 (assuming only one half of the possible combinations will need to be tested on average).

Our calculator actually performs two calculations.  One where the exact mask is used - this returns a more conservative time.  Most hackers will not be aware of your mask.  However, you may want to consider this information when deciding whether your password is strong enough to protect your data.

The other calculation assumes nothing except that it does examine a password to see if there are any special characters.  If not, the calculation is performed based on 62 possible characters per position (the total number of uppercase, lowercase, and digits).  If a special character is found, the calculations are performed based on 94 possible characters per position (the space character is excluded from the calculations).
 

Modified : Tuesday October 13, 2009
Privacy Statement