Python Challenge: How Secure Is My Password?

Passwords are the first line of defence protecting our online accounts. But how secure is your password really?

In this Python challenge we will create a program that estimates how long it would take for a hacker to guess a password using a brute-force attack.

A brute-force attack works by trying every possible password combination until the correct one is found.

Password          Estimated Time to Crack
abc               A few milliseconds
password          Less than a second
werDFG67g$%^K1e   Several years

There are online tools, such as this password checker from security.org, that estimate how secure your password is and how long it would take for a hacker to crack it using a brute-force attack.

Step 1 – Understanding Password Strength

The difficulty of cracking a password depends on two main factors.

1. Password Length

Longer passwords take much longer to guess.

2. Character Variety

Passwords become stronger if they include:

  • Lowercase letters (a–z)
  • Uppercase letters (A–Z)
  • Numbers (0–9)
  • Symbols (!@#$%^&*)

The more character types used, the larger the number of possible combinations.

Character Type      Possible Characters
Lowercase letters   26
Uppercase letters   26
Numbers             10
Symbols             ~32

Step 2 – Calculating Possible Passwords

If a password uses N possible characters and has a length of L, the total number of combinations is:

Example:

For a password that only contains 3 lowercase letters of the alphabet:

26³ = 17,576 combinations

Step 3 – Estimating Guessing Speed

Modern brute-force tools can test billions of guesses per second.

For this project we will assume:

1,000,000,000 guesses per second

The time to crack the password is therefore:

Step 4 – Python Program

To create our own “Password Security Estimator” we will start by asking the user to enter a password.

password = input("Enter a password: ")

We will then work out the number of possible characters used in this password by evaluating if this password contains lowercase characters, uppercase characters, number digits and punctuation signs.

N = 0

#Let's find out if this password contains lowercase characters
for character in password:
   if character in "abcdefghijklmnopqrstuvwxyz":
      N = N + 26
      break

Now we can repeat this approach to see if the password includes uppercase characters, number digits or punctuation signs:

#Let's find out if this password contains uppercase characters
for character in password:
   if character in "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
      N = N + 26
      break

#Let's find out if this password contains number digits
for character in password:
   if character in "0123456789":
      N = N + 10
      break

#Let's find out if this password contains punctuation signs
for character in password:
   if character in "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~":
      N = N + 32
      break

We can now work out the length of the password:

L = len(password)

We can apply the formula to calculate the total number of possible combinations using the ** operator (to the power of).

combinations = N ** L

The next step is to estimate how long, in seconds, it would take to brute-force through all these combinations, based on an estimate of 1 billion guesses per second.

guessesPerSecond = 1000000000
seconds = combinations / guessesPerSecond

Finally we will output the results using the most appropriate unit of time (milliseconds, seconds, minutes, hours, days, months or years). To do so we will create a function to format/convert the number of seconds to the most appropriate unit of time.

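def formatTime(seconds):
    # Convert a duration in seconds to the most appropriate unit of time

    if seconds < 0.001:
        return "a few milliseconds"

    # int() rounds down, so anything under 1 second would otherwise show as "0 seconds"
    if seconds < 1:
        return "less than a second"

    if seconds < 60:
        return str(int(seconds)) + " seconds"

    minutes = seconds / 60
    if minutes < 60:
        return str(int(minutes)) + " minutes"

    hours = minutes / 60
    if hours < 24:
        return str(int(hours)) + " hours"

    days = hours / 24
    if days < 365:
        return str(int(days)) + " days"

    # days is at least 365 here, so months is always 12 or more
    # and the check below never succeeds
    months = days / 30
    if months < 12:
        return str(int(months)) + " months"

    years = days / 365
    return str(int(years)) + " years"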

print("Estimated cracking time: " + formatTime(seconds))

Example Output

Example 1

Enter a password: abc
Estimated cracking time: a few milliseconds

Example 2

Enter a password: password
Estimated cracking time: 0.02 seconds

Example 3

Enter a password: pa$$word!
Estimated cracking time: 85 days
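
The steps above combined into one function, as an added example that is not part of the original challenge: it keeps the division exact so very long passwords do not overflow a float, and reports the entropy in bits and the average case (half the search space) next to the worst case. The names pool_size and estimate are hypothetical, and counting each character outside the four classes once is an assumption of this example.

```python
import math
import string
from fractions import Fraction

# The four character classes and pool sizes used in the article: 26, 26, 10, 32.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def pool_size(password):
    """Return N, the number of possible characters implied by the password."""
    n = sum(len(chars) for chars in CLASSES
            if any(c in chars for c in password))
    # Assumption of this example: each distinct character outside the four
    # classes (space, accented letter, emoji) adds 1 instead of being ignored.
    others = {c for c in password if not any(c in chars for chars in CLASSES)}
    return n + len(others)

def estimate(password, guesses_per_second=1_000_000_000):
    """Return (combinations, entropy_bits, worst_seconds, average_seconds)."""
    if not password:
        raise ValueError("password must not be empty")
    n, length = pool_size(password), len(password)
    combinations = n ** length            # N ** L, an exact Python integer
    entropy_bits = length * math.log2(n)  # the same quantity on a log scale
    # Fraction keeps the division exact; N ** L / rate raises OverflowError
    # once the result no longer fits in a float (beyond about 160 characters
    # drawn from all four classes).
    worst = Fraction(combinations, guesses_per_second)
    average = worst / 2                   # on average half the space is searched
    return combinations, entropy_bits, worst, average

if __name__ == "__main__":
    # Passwords taken from the article's examples and "Your Turn" table.
    for pw in ["abc", "pa$$word!", "P4$$w0rd", "werDFG67g$%^K1e!"]:
        combos, bits, worst, average = estimate(pw)
        print(f"{pw!r}: N={pool_size(pw)} L={len(pw)} bits={bits:.1f} "
              f"worst={int(worst)}s average={int(average)}s")
```
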

Your Turn

Type the code provided below in the following online IDE and estimate the time it would take to crack the following passwords:

Password Estimated Time?
qwertyuiop
P4$$w0rd
weakpassword
123456789
werDFG67g$%^K1e!
