LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

Why is it said that no password is uncrackable (Kein Passwort ist unknackbar) — what does that mean in practice?

Given infinite time, every password falls. The goal isn't unbreakable — it's making cracking economically infeasible.

The principle:

A password is just a finite string. With enough compute time, brute force will eventually try every combination. So security isn't binary; it's economic — make cracking cost more than the data is worth.

What "uncrackable enough" looks like:

Password type Crack time (modern GPU)
8 chars, lowercase seconds
8 chars, mixed hours
12 chars, mixed thousands of years
6-word random passphrase trillions of years

The catch — Moore's Law:

GPU speed roughly doubles every 18 months. A password that takes 100 years today might take 1 year in 2040. So pick lengths that have decades of headroom.

Quantum threat:

Grover's algorithm on a future quantum computer would effectively halve password strength (e.g. 128-bit → 64-bit). Hashing functions already account for this with output sizes ≥256 bits.

Tip: This is why password rotation policies (NIST has actually deprecated mandatory rotation) matter less than length and uniqueness. A 16-char unique password rotated every 5 years beats an 8-char password rotated monthly.

Go deeper:

From Quiz: INTROL / Password Cracking | Updated: Jul 14, 2026