PASSWORD STRENGTH STUDY USING THE ZXCVBN ALGORITHM AND BRUTE-FORCE TIME ESTIMATION TO STRENGTHEN CYBERSECURITY

Authors

  • Whisnu Yudha Saputra Universitas Amikom Purwokerto
  • Sugiarti Sugiarti Universitas Amikom Purwokerto
  • Haris Junianto Universitas Amikom Purwokerto
  • Didit Suhartono Universitas Amikom Purwokerto

DOI:

https://doi.org/10.33480/pilar.v21i1.6119

Keywords:

brute-force estimation, password, zxcvbn

Abstract

This research analyzes password strength based on its length and complexity using brute force attack simulations. The study begins with collecting password data from various sources to ensure sufficient variation in complexity levels. Next, the passwords are evaluated using the Zxcvbn algorithm, which provides a strength score as well as information about the time required to crack them. The same passwords are also evaluated using Brute-force Time Estimation to calculate the estimated time required to crack the password. After both algorithms have been evaluated, the results are analyzed to find the correlation between the Zxcvbn score and the estimated brute force time. The results of the data analysis are then visualized in the form of graphs or diagrams to facilitate understanding and assessment of password security. This simulation estimates the time required to guess a password, depending on the level of password complexity. Although the simulation results show that long and complex passwords are more secure, the actual strength of the password is highly dependent on the tools used by the attacker. In addition, digital security is not only limited to passwords, but also depends on various loopholes that can be exploited, such as personal data leaks or software vulnerabilities. Therefore, a comprehensive security approach is essential to protect users from potential cyberattacks. This study aims to provide in-depth insights into the strength and vulnerability of passwords and the effectiveness of algorithms in assessing password security.

Downloads

Download data is not yet available.

References

Alkhwaja, I., Albugami, M., Alkhwaja, A., Alghamdi, M., Abahussain, H., Alfawaz, F., Almurayh, A., & Min-Allah, N. (2023). Password Cracking with Brute Force Algorithm and Dictionary Attack Using Parallel Programming. Applied Sciences (Switzerland), 13(10). https://doi.org/10.3390/app13105979

Blancaflor, E. B., Dela Cruz, M. R. A., Espanola, J. M. V., Laurena, L. R. V., Maranan, J. W. J., & Pinza, M. G. D. (2021). Password Strength Assessment on a Laptop Device using an Online Password Recovery Tool Cain & Abel. ACM International Conference Proceeding Series, 16–22. https://doi.org/10.1145/3483816.3483820

Chakraborty, N., Mukherjee, M., Li, J., Shojafar, M., & Pan, Y. (2022). Cryptanalysis of a Honeyword System in the IoT Platform. IEEE Internet of Things Journal, 9(4), 2614–2626. https://doi.org/10.1109/JIOT.2021.3080676

Chowdhury, A. N. (2024). Analyzing Password Strength: A Combinatorial Entropy Approach. Conference: The 22nd International Conference on Computer and Information Technology, January. https://doi.org/10.5281/zenodo.10487696

Chudasama, D., & Bhavsar, R. (2022). Technical Methods of Information Gathering. Journal of Web Engineering and Technology, 8(3), 1–5. https://doi.org/10.37591/JoWET

Hong, K. H., Kang, U. G., & Lee, B. M. (2021). Enhanced Evaluation Model of Security Strength for Passwords Using Integrated Korean and English Password Dictionaries. Security and Communication Networks, 2021. https://doi.org/10.1155/2021/3122627

Kheshaifaty, N., & Gutub, A. (2021). Engineering Graphical Captcha and AES Crypto Hash Functions for Secure Online Authentication. Journal of Engineering Research, 69–80. https://doi.org/10.36909/jer.13761

Kim, S. J., & Lee, B. M. (2023). Multi-Class Classification Prediction Model for Password Strength Based on Deep Learning. Journal of Multimedia Information System, 10(1), 45–52. https://doi.org/10.33851/jmis.2023.10.1.45

Kokaji, A., & Goto, A. (2022). An analysis of economic losses from cyberattacks: based on input–output model and production function. Journal of Economic Structures, 11(1). https://doi.org/10.1186/s40008-022-00286-4

Kovba, D. M., & Moiseenko, Y. Y. (2021). The Digital Society in the 21st Century: Security Issue. KnE Social Sciences, 2020, 444–451. https://doi.org/10.18502/kss.v5i2.8387

Ozkan-okay, M., Yilmaz, A. A., Akin, E., Aslan, A., & Aktug, S. S. (2023). A Comprehensive Review of Cyber Security Vulnerabilities ,. Electronics, 12(1333).

Rifai, A., Meliyani, A., Chyntia, P., & Sakti, I. A. (2023). Penerapan Metode Technology Threat Avoidance Theory Terhadap Tingkat Kesadaran Data Privasi Pengguna Media Sosial. Journal of Information System Research (JOSH), 4(3), 1026–1032. https://doi.org/10.47065/josh.v4i3.3081

Sarkar, S., & Nandan, M. (2022). Password Strength Analysis and its Classification by Applying Machine Learning Based Techniques. 2022 2nd International Conference on Computer Science, Engineering and Applications, ICCSEA 2022, April, 4–9. https://doi.org/10.1109/ICCSEA54677.2022.9936117

Sedláček, J. (2022). Empirical evaluation of passwords : influence of the modified zxcvbn. Linz : Trauner Verlag, 269–276. https://doi.org/https://doi.org/10.35011/IDIMT-2022-269

Sharaa, B. Al, & Thuneibat, S. (2024). Ethical hacking: real evaluation model of brute force attacks in password cracking. Indonesian Journal of Electrical Engineering and Computer Science, 33(3), 1653–1659. https://doi.org/10.11591/ijeecs.v33.i3.pp1653-1659

Temitayo Oluwaseun Abrahams, Sarah Kuzankah Ewuga, Samuel Onimisi Dawodu, Abimbola Oluwatoyin Adegbite, & Azeez Olanipekun Hassan. (2024). A Review of Cybersecurity Strategies in Modern Organizations: Examining the Evolution and Effectiveness of Cybersecurity Measures for Data Protection. Computer Science & IT Research Journal, 5(1), 1–25. https://doi.org/10.51594/csitrj.v5i1.699

Verma, R., Dhanda, N., & Nagar, V. (2022). Enhancing Security with In-Depth Analysis of Brute-Force Attack on Secure Hashing Algorithms. Proceedings of Trends in Electronics and Health Informatics, 513–522. https://doi.org/10.1007/978-981-16-8826-3_44

Downloads

Published

2025-03-14

How to Cite

Saputra, W. Y., Sugiarti, S., Junianto, H., & Suhartono, D. (2025). PASSWORD STRENGTH STUDY USING THE ZXCVBN ALGORITHM AND BRUTE-FORCE TIME ESTIMATION TO STRENGTHEN CYBERSECURITY. Jurnal Pilar Nusa Mandiri, 21(1), 52–59. https://doi.org/10.33480/pilar.v21i1.6119

Issue

Vol. 21 No. 1 (2025): Pilar Nusa Mandiri : Journal of Computing and Information System Publishing Period for March 2025

Section

Articles

License

Copyright (c) 2025 Whisnu Yudha Saputra, Sugiarti Sugiarti, Haris Junianto, Didit Suhartono

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

An author who publishes in the Pilar Nusa Mandiri: Journal of Computing and Information System agrees to the following terms:

  1. Author retains the copyright and grants the journal the right of first publication of the work simultaneously licensed under the Creative Commons Attribution-NonCommercial 4.0 License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal
  2. Author is able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book) with the acknowledgement of its initial publication in this journal.
  3. Author is permitted and encouraged to post his/her work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of the published work (See The Effect of Open Access).
    Read more about the Creative Commons Attribution-NonCommercial 4.0 Licence here: https://creativecommons.org/licenses/by-nc/4.0/.