Password Combination

  1. How do I work out password combination probabilities?

    For example, I'm looking for a password between 10-15 characters in length, the password can contain any alpha-numeric character (lower/upper alphabet character and 0-9 digits). How would I find out how many possible combinations there are?
  2. jcsd
  3. DaveC426913

    DaveC426913 16,539
    Gold Member

    What would you make for an answer as your first try? What logic did you use?

    How many possibilities are there for the first number in the sequence?
    How many possibilities are there for the second number in the sequence?
    Hw many times do you have to do this?

    What is a really compact way representing that as a generalized formula?
    Last edited: Nov 8, 2007
  4. 62


    10-15 times depending on the password length

    I have no idea, thats why I came here, I'm wondering if its possible to recover a zip password on one of my files but I need to know how many possiblilities there are and I also like to know how to work it out for myself :)
  5. DaveC426913

    DaveC426913 16,539
    Gold Member

    OK, well there's


    62^10 + 62^11 + 62^12 + 62^13 + 62^14 + 62^15


    a little more than 781 septillion


    At one try per second, it will take you a mere 24 quadrillion years, a mere 1.8 billion times longer than the universe has existed to-date.

    Don't try to do them all in one sitting.
    Last edited: Nov 9, 2007
  6. CRGreathouse

    CRGreathouse 3,497
    Science Advisor
    Homework Helper

    If you try ten billion passwords in a second with a given computer, and you use a million computers, it would take 1238 years on average.
  7. JasonRox

    JasonRox 2,303
    Homework Helper
    Gold Member

    After the 10th character the user has the option not choose at all, so that is 63 choices. :smile:
  8. isn't there a formula for that from allg or something.
    what is the equation not worked out like in a, b c, etc. form.
  9. HallsofIvy

    HallsofIvy 41,264
    Staff Emeritus
    Science Advisor

    The "formula" DaveC426913 was using earlier is often referred to as simply "The Fundamental Counting Principle": If you can do A in "n" ways and you can do B in "m" ways, then you can do A and B together in "mn" ways.

    If you have 62 symbols you can use and there are no restrictions on how they can be used, then you have 62 ways you can write each of the, say, 10 symbols and so have
    6210 possible 10 letter "passwords".

    Similarly, there are 6211 possible 11 letter "passwords", 6212 12 letter "passwords", 6213 l13 letter "passwords", 6214 14 letter passwords,, and, finally, 6215 15 letter "passwords".

    Altogether, then, there are a total of 6210+ 6211+6212+6213+6214+_6215 "passwords". That's the figure DaveC426913 gave.

    But if the user chose no character for the 11th choice, he must make the same choice for the 12th, 13th 14th, and 15th. I don't think that simplifies anything.
    Last edited: Nov 16, 2008
  10. ha good luck if this is really a problem not just a question.
  11. DaveC426913

    DaveC426913 16,539
    Gold Member

    What? No.

    If the pw is 10 characters long, there are 62^10 possible combinations.
    If the pw is 11 characters long, there are 62^11 possible combinations.

    Add them together and you get all possible combinations within the parameters set.

    So, your scenario where the user decides to not choose at all after the tenth character (or more accurataly: hits return), is simply the scenario where the pw is only 10 characters long.
  12. Thanks to everyone for the help :wink:

    It is a problem, I'm trying to recover a password for a zip file, but the luck is much appreciated :biggrin:
  13. JasonRox

    JasonRox 2,303
    Homework Helper
    Gold Member

    You're right!

    I never thought about that.
  14. DaveC426913

    DaveC426913 16,539
    Gold Member

    If it's your password, that should eliminate about 99.999999% of the possibilities, shrinking it to ones you would have come up with.

    If it's not your password... well, that's raises an intriguing question...:uhh:
  15. JasonRox

    JasonRox 2,303
    Homework Helper
    Gold Member

    Yeah, you can eliminate the characters you know for sure you didn't use!
  16. Assuming order is important, ie:that "BAT" is not the same as "TAB"

    then the general answer is n!/r! or:

    62!/ (pwd length)! Where "!" means the factorial function.

    Just like picking a lottery number.

    PS. It's easier to break the password encryption scheme than guess the actual password.
  17. Figured I'd use this one. I'm trying to crack my password for something I got years ago, but I don't know how worth it it is. I need to know the number of possibilities for a 4 character password which has 6 characters to use. Basically 1111 to 6666. I'm good at maths, but that's only at a low level still. If someone can just work out what it is, that would be great.

  18. Use the Multiplication Principle of Counting: You have 6 choices for the first character, 6 choices for the second character, 6 for the third, and 6 for the fourth, so altogether you have 6*6*6*6 choices for a string of 4 characters.
    The principle comes from the following thought experiment. If you have a string of two characters with m choices for the first character and n choices for the second character, then first counting all possible strings starting with characters in the first space. For each character in the first space, there will be n possibilities for the second space. Ie., if the first character can be any letter in the alphabet, you would have sets like {A_, A_, ...}, {B_, B_, ...}, ... ,{Z_, Z_, ...} where the underscores are replaced by characters from the second set (of size n). Thus, you should have m sets of n strings, or m*n total strings.
  19. HallsofIvy

    HallsofIvy 41,264
    Staff Emeritus
    Science Advisor

    No. That would be true if the same letter or numeral could not be used twice in the same password and that is not true.
  20. If there are any files in the zip archive that you have unencrypted, or it is encrypted using any early version (as you seem to suggest), then there are flaws in the scheme that have been exploited, and can recover the password near instantaneously. if there is an unencrypted files that is also present in the archive, then there is something that is called a plain text attack that can be used. basically, is uses patterns between the encrypted and unencrypted copies to get the password. gets an alphanumeric 10 character password in about an hour on an average desktop.
Know someone interested in this topic? Share this thead via email, Google+, Twitter, or Facebook

Have something to add?