How Secure is a 24 Character MySQL Password?
In this article, we explore the security of a 24-character MySQL password and answer common questions regarding database visibility, password cracking, and brute force attacks. We discuss the importance of a strong password and the impact of different hash algorithms on password security.
Is my database name visible?
I don’t know.
Does a hacker need both the database name and the password to crack it?
If a potential attacker wants to login to your database, for sure he needs your name as well as your password.
How long would it take to brute force it?
If a potential attacker compromises your password hash (let’s imagine with a weak hash algorithm, like MD5) he could test about 8-10 billion hashes/s with one Nvidia GTX Titan X (offline).
Let’s say you use a 24-character password with A-Z, a-z, 0-9
. Now the number of combinations can be calculated by Character-Set^length
. In your case, the equation is:
62^24 = 10^43 Combinations (Tredecillion).
If you divide this by 10 billion hashes/s you will get approximately a worst case of 33 septillion years to crack this password.
In other words, no one today is capable of brute-forcing a password with 24 characters hashed with a weak algorithm like MD5. If you use a hash like Sha512, you could reduce the Hashrate of the GPU down to million or thousand hashes/s.