How Secure is a 24 Character MySQL Password?

In this article, we explore the security of a 24-character MySQL password and answer common questions regarding database visibility, password cracking, and brute force attacks. We discuss the importance of a strong password and the impact of different hash algorithms on password security.

Is my database name visible?

I don’t know.

Does a hacker need both the database name and the password to crack it?

If a potential attacker wants to log in to your database, he certainly needs your name as well as your password.

How long would it take to brute force it?

If a potential attacker compromises your password hash (let’s imagine a weak hash algorithm, like MD5), he could test about 8-10 billion hashes/s offline with one Nvidia GTX Titan X.

Let’s say you use a 24-character password with A-Z, a-z, 0-9. The number of combinations is the character-set size raised to the power of the length. In your case, the equation is:

62^24 ≈ 10^43 combinations (Tredecillion).

If you divide this by 10 billion hashes/s and convert the resulting seconds to years, you get a worst case of approximately 33 septillion years to crack this password.

In other words, no one today is capable of brute-forcing a 24-character password, even one hashed with a weak algorithm like MD5. If you use a hash like SHA-512, you could reduce the hash rate of the GPU to millions or thousands of hashes/s.
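The estimate above, generalised to any character set, length and hash rate, as an added example that is not part of the original article. It assumes every character is chosen uniformly at random; the function names and the 1000-year margin in the last line are illustrative choices.

```python
SECONDS_PER_YEAR = 365 * 24 * 3600  # leap days ignored

# Short-scale names, largest first, for readable output.
SCALES = [(10**30, "nonillion"), (10**27, "octillion"), (10**24, "septillion"),
          (10**21, "sextillion"), (10**18, "quintillion"), (10**15, "quadrillion"),
          (10**12, "trillion"), (10**9, "billion"), (10**6, "million")]


def keyspace(charset_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return charset_size ** length


def years_to_exhaust(charset_size, length, hashes_per_second):
    """Worst case for the attacker: every candidate has to be hashed."""
    return keyspace(charset_size, length) / (hashes_per_second * SECONDS_PER_YEAR)


def min_length(charset_size, hashes_per_second, years):
    """Shortest length whose full keyspace outlasts `years` of guessing."""
    budget = hashes_per_second * SECONDS_PER_YEAR * years  # guesses available
    length = 1
    while keyspace(charset_size, length) <= budget:
        length += 1
    return length


def describe(years):
    """Render a year count with a short-scale name."""
    for scale, name in SCALES:
        if years >= scale:
            return f"{years / scale:.0f} {name} years"
    return f"{years:.0f} years"


if __name__ == "__main__":
    charset, length = 62, 24  # A-Z, a-z, 0-9 and 24 characters, as in the article
    # The three rates mentioned in the article: 10 billion, a million, a thousand.
    for rate in (10**10, 10**6, 10**3):
        worst = years_to_exhaust(charset, length, rate)
        print(f"{rate:>14,} hashes/s: worst case {describe(worst)}, "
              f"average {describe(worst / 2)}")
    # Length at which exhausting the keyspace at 10 billion hashes/s
    # takes longer than the chosen margin of 1000 years.
    print("minimum length for a 1000-year margin:", min_length(charset, 10**10, 1000))
```

The average case is half the worst case, because a random password is found on average after half the keyspace has been searched.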
