Strong Passwords by Jacques gascuel This article will be updated with any new information on the topic, and readers are encouraged to leave comments or contact the author with any suggestions or additions.
How to Protect Your Passwords from Quantum Computers Introduction
Do you know that quantum computers could break your passwords in seconds? This could expose your personal and financial data to hackers. To prevent this, you need to create strong passwords that can resist quantum attacks. In this article, you will learn how to do it easily and effectively.
How to create strong passwords in the era of quantum computing?
Quantum computing is a technology that promises to revolutionize the field of computation by exploiting the properties of subatomic particles. It offers unprecedented possibilities for scientific research, artificial intelligence or cryptography. But it also represents a risk for the security of data and online communications. Indeed, quantum computers could be able to crack the secret codes that protect our passwords, our bank accounts or our private messages.
What is quantum computing? What is encryption? What is a brute force attack?How to protect ourselves from this threat? The answer is simple: create strong passwords and resist quantum attacks. But what is a strong password? And how to choose it? Here are some tips to help you strengthen your digital security in the era of quantum computing.
What is quantum computing and how does it work in video?
What is a strong password?
A strong password is a password that is hard to guess or crack by a hacker. It must be composed of at least 12 characters, mix uppercase and lowercase letters, numbers and symbols, and not contain dictionary words, proper names or personal data. For example, “P@ssw0rd123” is not a strong password, because it is too short, too simple and too common. On the other hand, “Qx7!tZ9#rGm4” is a strong password, because it is long, complex and random.
Why is a strong password important?
A strong password is important because it reduces the risk that your account will be hacked by a brute force attack. A brute force attack consists of testing all possible combinations of characters until finding the right password. The longer and more complex the password, the more possible combinations there are, and the more time and resources it takes to crack it.
For example, a password of 8 characters composed only of lowercase letters has about 200 billion (26^8) possible combinations. A classical computer can crack it in a few minutes. But a password of 20 characters composed of letters, numbers and symbols has about 10^39 (95^20) possible combinations. A classical computer would need 766 trillion years to crack it.
But what about quantum computers?
Quantum computers are able to perform calculations much faster and more powerful than classical computers thanks to their ability to manipulate qubits instead of bits. A qubit can take two states simultaneously (0 and 1), which allows it to explore multiple solutions at the same time. Thus, a quantum computer could theoretically crack a password by testing all possible combinations in parallel.
However, there are technical and practical limits to this ability. First, you need to have a quantum computer powerful and stable enough to perform this type of operation. However, current quantum computers are still very rudimentary and only have a limited number of qubits. Second, you need to know the type of encryption used to protect the password. However, there are encryption algorithms that are resistant to quantum attacks, such as symmetric encryption or elliptic curve encryption. Third, you need to have access to the system that stores the password. However, there are security measures that prevent unauthorized access, such as two-factor authentication or account locking after several unsuccessful attempts.
Thus, even if quantum computers represent a potential threat for the security of passwords, they are not yet able to crack them easily. Nevertheless, it is prudent to prepare for the advent of this technology by creating strong passwords and changing them regularly.
How to choose a strong password?
To choose a strong password, there are several methods. Here are some examples:
- The Diceware method: it consists of randomly choosing several words from a predefined list and separating them by spaces or symbols. For example, “piano cat star 7 &”. This method allows you to create passwords that are easy to remember and hard to crack.
- The XKCD method: it consists of choosing four random words and assembling them without space. For example, “correcthorsebatterystaple”. This method is inspired by a comic from the XKCD site that shows that this type of password is safer than a complex but short password.
The random generator method: it consists of using an online tool that creates a random password composed of letters, numbers and symbols. For example, “Qx7!tZ9#rGm4”. This is the method implemented in the evicore nfc and evicore hsm technology from Freemindtronic, which features a random password generator with Shannon entropy control. This technology also automatically calculates the number of bits of the generated password based on the type of printable ASCII 95 characters used. This method allows you to create very secure passwords but difficult or impossible to remember, which requires the use of a hardware or virtual password manager. Whatever the method chosen, it is important to follow some rules:
- Do not use the same password for multiple accounts or services.
- Do not write the password on a paper or store it on an insecure device.
- Do not share the password with other people or communicate it by email or phone.
- Do not use obvious clues or security questions to recover the password in case of forgetfulness.
- Use a password manager to store and manage your passwords securely.
Tools for creating and protecting strong passwords
If you want to create and protect strong passwords in the age of quantum computing, you can use some of these online tools to help you:
- Online password generator: A tool that creates a random and strong password composed of letters, numbers and symbols. For example, Mot de passe.xyz is a free and secure online password generator that lets you choose the length and types of characters for your password.
- Password strength calculator: A tool that calculates the entropy (the number of bits) of a password based on its length and the number of possible characters. For example, Password Entropy Calculator is a free online tool that shows you how strong your password is and how long it would take to crack it.
- Data breach checker: A tool that checks if your email or phone number has been exposed in a data breach. For example, Have I Been Pwned? is a free online service that lets you check if your personal information has been compromised by hackers.
Using these tools can help you create and protect strong passwords that are resistant to quantum attacks. However, you should also remember to use different passwords for different accounts, change them regularly, and use a password manager to store them safely.
In conclusion
Passwords are essential to protect our privacy and our data online. Faced with the potential threat of quantum computers, it is important to create strong passwords and resist quantum attacks. To do this, we need to choose passwords that are long and complex, change them regularly and manage them with caution. Thus, we will be able to enjoy the benefits of quantum computing without fearing for our digital security.
How much shorter is 1 character shorter password (in seconds, minutes, …, years) to crack?
“For example, “P@ssw0rd123” is not a strong password, because it is too short, too simple and too common. On the other hand, “Qx7!tZ9#rGm4” is a strong password, because it is long, complex and random.”
I could see the difference between 20 characters long non cryptic phrase and 13 character cryptic password. 20 character is harder to break than 13 even with quantum computers.
Thank you for your interesting and relevant comment. At Freemindtronic, we attach great importance to securing passwords. That’s why we developed the EviPass technology, which offers an effective solution to the risks associated with quantum attacks. EviPass is integrated into the PassCypher HSM PGP and PassCypher NFC HSM products, which have a random generator with entropy control based on Shannon, capable of producing passwords of more than 256 bits.
In your comment, you address the topic of length, complexity and random generation of passwords, as well as the difference between an encrypted and unencrypted password. This is a very relevant topic, which we will answer below.
The time required to decrypt a password depends on its length, complexity and entropy. The longer, more complex and higher entropy a password has, the harder it is to decrypt. The difference between a shorter and a longer password is exponential. For example, a 12-character password has 95 times more possible combinations than an 11-character password. This means that it would take 95 times longer to decrypt a 12-character password than an 11-character password. Thus, if we take the previous example, a 11-character random password would have about 5.7 \times 10^{22} possible combinations, and it would take about 1.8 \times 10^{13} seconds, or about 5.7 \times 10^{5} years, to decrypt it. This is still a very long time, but significantly lower than that of a 12-character password.
To estimate the time required to decrypt a password, we can use a mathematical formula that takes into account the length, complexity and computing power of the attacker. For example, if we consider a password composed of 12 random characters like the one you mentioned Qx7!tZ9#rGm4, chosen from 95 possible characters (26 uppercase letters, 26 lowercase letters, 10 digits and 33 special characters), the number of possible combinations is 95^{12}, or about 5.4 \times 10^{23}. If we assume that a quantum computer can test 10 billion passwords per second, it would take about 1.7 \times 10^{14} seconds, or about 5.4 \times 10^{6} years, to decrypt the password. This is a very long time, which makes the password practically inviolable.
The password “P@ssw0rd123” is considered weak because it is short, simple and common. On the contrary, the password “Qx7!tZ9#rGm4” is considered strong because it is long, complex and random. It is long, because it contains 12 characters. It is complex, because it uses a combination of uppercase and lowercase letters, digits and special characters. It is random, because it does not resemble any common word or phrase.
We can see the difference between an unencrypted phrase of 20 characters and an encrypted password of 13 characters. An unencrypted phrase of 20 characters is easier to decrypt than an encrypted password of 13 characters. This is due to the fact that an unencrypted phrase is more likely to contain common words or phrases, which can be easily guessed by an attacker. An encrypted password is harder to decrypt because it is generated randomly and does not contain common words or phrases.
In general, a longer password or passphrase is harder to decrypt than a shorter password, even with quantum computers. This is due to the fact that the number of possible combinations increases exponentially with the length of the password. However, the complexity of the password (i.e. the use of different types of characters such as uppercase and lowercase letters, digits and special characters) and its entropy also play an important role in the resistance of a password to decryption.
We invite you to read our article on passwords [766 trillion years to find a 20 character randomly generated password with EviPass].
and other article [Kevin Mitnick’s Password Hacking with Hashtopolis]
We hope we have answered your questions. Do not hesitate if you have any other questions!