Python Challenge: How Secure Is My Password?

Passwords are the first line of defence protecting our online accounts. But how secure is your password really?

In this Python challenge we will create a program that estimates how long it would take for a hacker to guess a password using a brute-force attack.

A brute-force attack works by trying every possible password combination until the correct one is found.

Password | Estimated Time to Crack
abc | A few milliseconds
password | Less than a second
werDFG67g$%^K1e | Several years

Check our online password checker tool to estimate how secure your password is, and how long it would take for a hacker to crack it using a brute-force attack.

Step 1 – Understanding Password Strength

The difficulty of cracking a password depends on two main factors.

1. Password Length

Longer passwords take much longer to guess.

2. Character Variety

Passwords become stronger if they include:

  • Lowercase letters (a–z)
  • Uppercase letters (A–Z)
  • Numbers (0–9)
  • Symbols (!@#$%^&*)

The more character types used, the larger the number of possible combinations.

Character Type | Possible Characters
Lowercase letters | 26
Uppercase letters | 26
Numbers | 10
Symbols | ~32

Step 2 – Calculating Possible Passwords

If a password uses N possible characters and has a length of L, the total number of combinations is:

Example:

For a password that only contains 3 lowercase letters of the alphabet:

26³ = 17,576 combinations

Step 3 – Estimating Guessing Speed

Modern brute-force tools can test billions of guesses per second.

For this project we will assume:

1,000,000,000 guesses per second

The time to crack the password is therefore:

Step 4 – Python Program

To create our own “Password Security Estimator” we will start by asking the user to enter a password.

password = input("Enter a password: ")

We will then work out the number of possible characters used in this password by evaluating if this password contains lowercase characters, uppercase characters, number digits and punctuation signs.

N = 0

#Let's find out if this password contains lowercase characters
for character in password:
   if character in "abcdefghijklmnopqrstuvwxyz":
      N = N + 26
      break

Now we can repeat this approach to see if the password includes uppercase characters, number digits or punctuation signs:

#Let's find out if this password contains uppercase characters
for character in password:
   if character in "ABCDEFGHIJKLMNOPQRSTUVWXYZ":
      N = N + 26
      break

#Let's find out if this password contains number digits
for character in password:
   if character in "0123456789":
      N = N + 10
      break

#Let's find out if this password contains punctuation signs
for character in password:
   if character in "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~":
      N = N + 32
      break

We can now work out the length of the password:

L = len(password)

We can apply the formula to calculate the total number of possible combinations using the ** operator (to the power of).

combinations = N ** L

The next step is to estimate how long, in seconds, it would take to brute-force through all these combinations, based on an estimate of 1 billion guesses per second.

guessesPerSecond = 1000000000
seconds = combinations / guessesPerSecond

Finally we will output the results using the most appropriate unit of time (milliseconds, seconds, minutes, hours, days, months or years). To do so we will create a function to format/convert the number of seconds to the most appropriate unit of time.

def formatTime(seconds):

    if seconds < 0.001:
        return "a few milliseconds"

    if seconds < 60:
        return str(int(seconds)) + " seconds"

    minutes = seconds / 60
    if minutes < 60:
        return str(int(minutes)) + " minutes"

    hours = minutes / 60
    if hours < 24:
        return str(int(hours)) + " hours"

    days = hours / 24
    if days < 365:
        return str(int(days)) + " days"

    months = days / 30
    if months < 12:
        return str(int(months)) + " months"

    years = days / 365
    return str(int(years)) + " years"

print("Estimated cracking time: " + formatTime(seconds))

Example Output

Example 1

Enter a password: abc
Estimated cracking time: a few milliseconds

Example 2

Enter a password: password
Estimated cracking time: 0.02 seconds

Example 3

Enter a password: pa$$word!
Estimated cracking time: 85 days
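
The N ** L figure only describes an exhaustive search, so it overstates the strength of any password that already appears on a wordlist, and it breaks down when a password uses characters outside the four classes (N can end up as 0). The sketch below is an added example, not part of the original challenge code: the function names, the small COMMON_PASSWORDS set (constructed sample data) and the choice to count each unrecognised character once are all assumptions made for illustration.

```python
import math
import string

GUESSES_PER_SECOND = 1_000_000_000  # same rate the page assumes

# Constructed sample list; a real checker would load a large breached-password list.
COMMON_PASSWORDS = {"password", "123456789", "qwertyuiop", "abc123", "letmein"}

CHARSETS = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation)


def charset_size(password):
    """Return N: the summed size of every character class the password uses."""
    n = sum(len(cs) for cs in CHARSETS if any(ch in cs for ch in password))
    # Assumption: characters outside the four classes (spaces, accented
    # letters, ...) are counted once each, so N is never left at 0 for them.
    known = "".join(CHARSETS)
    n += len({ch for ch in password if ch not in known})
    return n


def estimate(password):
    """Return (combinations, entropy_bits, seconds, is_common) for a password."""
    if not password:
        return 0, 0.0, 0.0, False
    n = charset_size(password)
    combinations = n ** len(password)
    bits = len(password) * math.log2(n)
    is_common = password.lower() in COMMON_PASSWORDS
    # A listed password falls to a wordlist long before exhaustive search,
    # so N ** L is only an upper bound; report the time as immediate.
    seconds = 0.0 if is_common else combinations / GUESSES_PER_SECOND
    return combinations, bits, seconds, is_common


if __name__ == "__main__":
    # Constructed sample inputs, including one with characters outside the classes.
    for pw in ["abc", "password", "pa$$word!", "caf\u00e9 au lait"]:
        combos, bits, secs, common = estimate(pw)
        note = "  (in common-password list)" if common else ""
        print(f"{pw!r}: N^L={combos:.3e}, {bits:.1f} bits, {secs:.3g} s{note}")
```
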

Your Turn

Type the code provided below in the following online IDE and estimate the time it would take to crack the following passwords:

Password Estimated Time?
qwertyuiop
P4$$w0rd
weakpassword
123456789
werDFG67g$%^K1e!
