How secure is a "root" password that's 26 alphanumeric characters long?

root password linux ubuntu

Interesting question and testing of the hackers with the Chinese IP!

I'll assume that by 'alphanumeric', you mean [A-Za-z0-9], or 62 characters. If they average 3 days to crack an 8-character password, then it should take 6 days to cover all of the 62^8 possible passwords, so they're able to guess 62^8 ÷ (6×24×60×60) = 421180759 passwords per second.

A 26-character password at that same rate would take 62^26 ÷ 2 ÷ 421180759 ÷ (60×60×24×365), or 1.5 nonillion years to break, on average.

That said, 421180759 passwords per second is really impressive. I'm guessing your 8-character passwords are not truly random, but rather made up of dictionary words or other semi-predictable components, thus making our guesses-per-second calculation off. They probably can't break the 26-character password in 1.5 nonillion years.

By the way, password strength is often measured in bits of entropy. The 8-character password is log₂(62^8), or 48 bits of entropy, assuming it's truly random. The 26-character password comes in at a whoppping 155 bits of entropy! If you haven't seen it, you also must read the classic xkcd password strength commic.

Related

Original php mysql extension for php56
Upgrade image in a Deployment's pods
openssl keeps creating v1 certificate instead of v3
SSL invalid on Lightsail Bitnami Wordpress Multisites after new instance made from snapshot
cut backend subsite on proxy for accessing files as root path
Why does one usb flash drive have different serial numbers in different operating systems?
Can't write on FAT32 partition although having rw mount option?
What `apt` configuration file should the Never-Include-Phased-Updates flag be placed in?
Ubuntu 20.04 LTS on DELL laptop - no wireless internet connection
How to delay restart process in Ubuntu
How to install afpfs-ng in Ubuntu 20.04?
No grub menu at boot