# Probability of guessing a password

1. Mar 3, 2010

### alman9898

1. The problem statement, all variables and given/known data
Consider a simple password scheme using only two lowercase letters. A hacker is given 5 chances to guess the pw before being detected. Computer probability hacker is successful.

2. Relevant equations
p = 1/(26*26)

3. The attempt at a solution

I'm assuming the hacker isn't guessing randomly, but without replacement.

I feel that I may be multiplying the wrong probabilities, but what the heck:

P(attacker is successful) = $$\frac{1}{26^{2}} + \frac{1}{26^{2}*(26^{2}-1)} + \frac{1}{26^{2}*(26^{2}-1)*(26^{2}-2)} + \frac{1}{26^{2}*(26^{2}-1)*(26^{2}-2)*(26^{2}-3)} + \frac{1}{26^{2}*(26^{2}-1)*(26^{2}-2)*(26^{2}-3)*(26^{2}-4)}$$

This was an intuitive guess, since each guess is equally likely, I just subtract one from the sample space for each of the five guesses.

2. Mar 3, 2010

### Dick

There are 26*26 possible passwords. Only one of them is correct. The hacker gets 5 chances. So, yes, the hacker will pick 5 different possibilities of that group of 26*26 passwords. You are way overthinking this problem.

3. Mar 4, 2010

### alman9898

Wait, what? I don't think 5/(26*26) would be the right answer, since that implies there is a 5 in 26^2 chance that they get the answer right on the first try...

My teacher has since told me to assume the attempts are independent (dumb hacker, I guess) so I'm modeling this as a geometric distribution with p = 1/(26*26). The total probability will be the probability hacker is successful in one try, two tries, three, four, or five tries all summed up. Does that sound right?

4. Mar 4, 2010

### Dick

Or do you actually mean the tries are TRULY independent? I.e. he forgets which passwords he's tried before? Oh, I'll bet you do, sorry. Then you can treat the problem more easily by computing the odds the hacker will fail. He needs to guess the wrong password five times in a row.

5. Feb 5, 2011

### thst1003

For this problem, the wisest way to go about it is the way that you said. Think about it this way. If it is independent and the hacker may or may not retry the same password. One must compute the odds that the hacker will get it right on his first try. That means 1/(26*26). Once we get this we multiply this by five. That will give you the correct answer.