Math Problem: How Long to Crack Your Password

A 6-character password using only lowercase letters has 26^6 possible combinations. That's 308,915,776. Three hundred million sounds like a big number until you realize that a modern GPU running hashcat can test over 100 billion MD5 hashes per second. Your 308 million combinations would be exhausted in 0.003 seconds. That's not a typo. Three milliseconds. This is why password security is fundamentally a math problem, and once you understand the math, the best practices stop sounding like arbitrary rules and start sounding like obvious conclusions. The entropy calculation Password strength is measured in bits of entropy. The formula is straightforward: entropy = log2(characters ^ length) Or equivalently: entropy = length * log2(characters) The "characters" value is the size of the character set. Lowercase letters give you 26. Add uppercase and you get 52. Add digits and you reach 62. Add common symbols and you're around 95. Here's what that looks like for an 8-character password: Lowerc