My Password Is 8 Times More Secure Than Yours

Probability Level 3

An iPhone developer was having difficulty parsing the input that his users provided. As such, instead of having users enter a single password of 8 characters, he requires that the user enter 8 passwords of a single character each. The passwords are entered sequentially, with the app asking the user to enter the next password only once when he/she has successfully entered the previous passwords . He feels that this gives the same level of security, as there are 8 letters in the password.

If each character of the password is either a digit from $0$ through $9$ or a capital letter $A$ to $Z,$ what is the minimum number of guesses that a hacker must make in order to be sure to correctly enter all the passwords?

The answer is 288.

4 solutions

Trevor B.
Feb 25, 2014

It's tempting to say that the answer is $36^8$ , but that is the number of possible passwords that the user can create. The password goes one character at a time, so there are $36$ possible choices for each individual character. For a given place in the sequence, you get turned back when you get one character wrong, so you can simply try each character and see if it turns you back. If it doesn't then that is the correct character for the sequence.

You need to check $36$ different entities per character in the sequence. There are $8$ characters in the sequence. Therefore, the answer is $36\times8=\boxed{288}$ $\text{..................................................................................................................................}$ $\textbf{Extra}$

The software developer is making a very bad idea. There are only $36\times8=288$ possible sequences to check for their idea, but if you are guessing passwords that are $8$ characters long, there are $36^8=2,821,109,907,456$ sequences to check. This means that the developer's idea would make it $99.99999999\%$ easier for hackers to guess the password.

It should be 35*8+1=281 because after he hacker guesses the first pass correctly, he gets to guess the second pass in the same attempt.

Daniel Wang - 7 years, 3 months ago

I think this question was not written properly. I asked for the explanation of the question but was never answered.

My attempt was 281.

Nishant Sah - 7 years, 3 months ago

yes, the logic of last character applies to all the 8 blanks. hence the answer is 281.

Sanket Agrawal - 7 years, 3 months ago

Ah, but it says not for him to correctly guess the last one, but for him to actually log in.

Finn Hulse - 7 years, 3 months ago

It is stated that "the app asking the user to enter the next password only once when he/she has successfully entered the previous passwords"

So, even though you may know what the correct value is, you still have to enter it in. As such, you don't 'save' one step.

Calvin Lin Staff - 7 years, 3 months ago

Pretend the pass is "99999999".

First 35 guesses: A-Z,0-8

36th guess, 9A

37th guess, 9B

...

70th guess, 98

71st guess, 99A

...

380th guess, 99999998

381st guess, 99999999

Daniel Wang - 7 years, 3 months ago

@Daniel Wang – Very clear (evident typos apart). This, if logic is not an opinion , is an irrefutable demonstration that the hacker is "sure to correctly enter all the passwords" after 280 guesses. The 281th, indeed, is not a guess hence the 8 digits are already known.

Luciano Riosa - 7 years, 3 months ago

@Daniel Wang – The point is that "enter the next password only once when he/she has successfully entered the previous passwords."

So your 36th guess cannot be 9A, and has to be 9, in order for you to proceed on.

Calvin Lin Staff - 7 years, 3 months ago

Yeah, but unless you're a really dumb hacker, you should remember it at least.

Finn Hulse - 7 years, 3 months ago

the answer should be 287. Because after that 287 tries he would be sure about the last character. So, according to me it should be 287

Sanket Agrawal - 7 years, 3 months ago

I see what you are saying, but by that reasoning, it should be 280. There are 36 possilble "combinations" for each password, but in each of those passwords he only needs 35 guesses, as the last "guess" is never a guess but certain knowledge. That happens for every password, so 35*8=280.

Shattered Heavens - 7 years, 3 months ago

I think the main problem here is the ambiguity of the problem. What is called a "guess" is not clearly defined.

Vincent Tandya - 7 years, 3 months ago

In this context, "guess" means "an attempt"

Amlan Mishra - 7 years, 3 months ago

I see what you're saying. However, the question doesn't ask for the maximum number of guesses it could take to be sure of the answer. It asks for the minimum number of guesses that a hacker must make in order to be sure to correctly enter all the passwords. So I think it'd still be 288.

Kelly Croteau - 7 years, 3 months ago

Exactly!! "minimum no. of guesses" i.e. the no. of guesses after which he is sure about the password. so don't you think it would be 287

Sanket Agrawal - 7 years, 3 months ago

@Sanket Agrawal – Ooh, I see what you're seeing. Except, it keeps going. "To be sure to correctly enter all the passwords." If he cares about actually entering all of them, it's still 288. Right?

Kelly Croteau - 7 years, 3 months ago

I think the number of attempts after which the hacker can be sure of the entire Password is 280. It goes this way: Say the first letter is K. The hacker tries 35 times any letter other other than K. So after 35 attempts, he can be sure that the only letter missing from his attempts is K. Then in 36th attempt, he knows that the first pass-code is K. Now he enters K as his first pass-code and guesses the second passcode .So the first attempt of guessing the second pass-code is, in fact, his 36th attempt. So after 70 total attempts, he can be sure of the second pass-code as well. Now in his 71st attempt, he guesses the third pass-code for the first time. He does so for all the 8 passwords 35 * 8 times, after which he is sure of all the eight pass-codes. So it's 35 * 8=280 attempts.

Please feel free to correct me if my logic is flawed.

Bharadwaj Sangaraju - 7 years, 3 months ago

Yes, I got that answer too. But I got another answer which I am sure it is correct after trying to figure out the problem out after my first attempt of 281 was wrong (which sadly brought my combinatorics rating under 2000).

On the first password, if the user tries $35$ passwords and they're all wrong, then it is $gauranteed$ that the only password he hasn't tried is correct (for example, if the password was 11112211, then after he\she tries $0,2,3,\cdots9, A,B,C\cdots Z$ , he/she knows immediately that the first password is $1$ ). So therefore the user can enter the first password and then make a guess on the 2nd password on his $35th$ try on the first password. Therefore after, since the user already got a free try for it on his last attempt on the previous password, then for all the other passwords we can use the same logic as above of trying $34$ passwords then knowing that the only password left is correct for a total of $35+34\cdot7=\boxed{273}$ tries.

Tom Zhou - 7 years, 3 months ago

On his 35th try the hacker can insert a guess for the second password only whether he/she has the first one... * and he/she has not *. Because the first password is ... (what a bad luck!) the 36th and last digit not yet tried.... So the correct answer is 35X8. After 280 guesses the hacker, has no need to insert another try, given he/she has the mathematical knowledge of the entire set of passwords.

Luciano Riosa - 7 years, 3 months ago

solution doesn't clear

srinivasarao kakulapati - 7 years, 2 months ago

This is a highly ambiguous question.. suppose u got the 1st, 2nd.... passwords with less than 36 guesses... what then? 288 is not the minimum no of guesses but maximum...

Ayan Bhuyan - 7 years, 2 months ago

I think that the minimum number of guesses is the minimum number he has to take to get all 8 passwords correctly. So by that reasoning, if the password is 00000000, and the hacker always guesses 0 first, the minimum is 1. It is always true that if he guesses correctly the first time, the MINIMUM is one.

Billybob Jenkins - 7 years, 3 months ago

The question asks the number of minimum guesses to be sure , not just by chance.

Vincent Tandya - 7 years, 3 months ago

Finn Hulse
Mar 2, 2014

It's really not too tough. There are 36 numbers/letters, and 8 times you must type them in, but it isn't dependent probability! Thus, $36 \times 8=\boxed{288}$ .

It must be 35*8.

Champak Nayak - 7 years, 3 months ago

Ak Sharma
Feb 26, 2014

total 8 entries and 36 way to fill each entry to be sure that it is correct minimum is to try all possible 36 *8 = 288

Shashank Gowda
Feb 26, 2014

The question states that there are 8 passwords of 1 character each, and if upto the nth password has been correctly found then only he can guess the (n+1)th password.

To guess the 1st password the hacker would mostly require 36 guesses(0 to 9 and A to Z). Once he finds out the 1st password, the would again need 36 guesses for the next one. So when he finding the 3rd password he already knows the 1st and 2nd, and he needs 36 guesses for the 3rd one.

This way proceeding to 8 passwords the hacker would have guesses 36 X 8 = 288 times

it should be 280 which is 8*(26 for A to Z+ 9 for 0 to 8 ) it no one is match then it should be 9 which is understood

Yogendra Singh Kushwah - 7 years, 3 months ago

The fact is I tried the same way and it told me my answer was wrong :( . You are right, but 280 was not accepted

Shashank Gowda - 7 years, 3 months ago

My Password Is 8 Times More Secure Than Yours

The answer is 288.

4 solutions

0 pending reports