Cryptoglyphs: keeping secure with colored shapes
Logging in securely to personal accounts requires passwords. But when creating passwords, there are a few factors that you need to take into account. A password has to be memorable, secure and unique. It's easy to skimp on one (or more) of these criteria, like reusing hard-to-remember passwords multiple times. This exposes passwords to brute-force attacks – but what are they and how can they be counteracted?
Brute-force attacks work by trying to guess a password or hash. The computer programs used for brute-force attacks can guess anywhere from 10 thousand to 100 billion passwords per second. A successful attack can then be used, for example, to intercept a transaction and send it to a different address.
To prevent brute-force attacks, Ryder uses mathematics to generate a collection of eight digital colored shapes we call “Cryptoglyphs”. A user can verify these at a glance, but reproducing them by brute force takes a very long time.
“How long?”, you might ask.
Ryder’s collection of eight Cryptoglyphs comes from a predefined set, consisting of 16 different shapes, each in eight colors (for a total of 128 unique Cryptoglyphs). Plugging these values into the following equations will give us an idea of how long a brute-force attack might take.
Using the entropy formula gives us log2(128^8) = 8 × log2(128) = 8 × 7 = 56 bits of entropy.
We can then use the entropy value to estimate how long a brute-force attack needs to generate a matching set of Cryptoglyphs. On average, an attacker has to try half of the 2^56 possible sets (2^55 guesses) before hitting the right one, so the estimated time is 2^55 divided by the guess rate:
Assuming the attacker has a somewhat decent computer, e.g. 1 million guesses per second, generating an identical Cryptoglyph set would take 36,028,797,019 seconds – over 1,142 years.
Assuming the attacker has an extremely strong computer, e.g. 350 billion guesses per second, generating an identical Cryptoglyph set would take 102,939 seconds – over 28 hours.
Now imagine a government intelligence agency attempting a brute-force attack. Their computer could potentially guess up to 100 trillion times a second. Generating an identical Cryptoglyph set would take an average of 360 seconds, or six minutes.
Six minutes sounds short, but it is a long time for a user to sit waiting for the Cryptoglyphs to show up: the attacker has to finish within that window, and the delay itself is noticeable. In comparison, a set of eight random characters from a keyboard would take a mere 22.5 seconds to break. It’s also important to mention that not all inputs are valid or desirable, so the attacker is constrained in the types of guesses. The attacker would need to find a valid transaction that moves the victim’s tokens to their address and has the same Cryptoglyphs as the legitimate transaction. A very tall order!
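The following is an added example, not code from the cryptoglyphs-ts library: it reproduces the entropy and brute-force estimates above and shows one way a wallet could map a transaction hash to eight shape/color glyphs for the user to compare. The hash-to-glyph encoding (SHA-256, then 7 bits per glyph: 4 bits for one of 16 shapes, 3 bits for one of 8 colors) is an assumption chosen for illustration, not necessarily the scheme Ryder uses.

```typescript
import { createHash } from "crypto";

// Set sizes taken from the post: 16 shapes x 8 colors = 128 glyphs, 8 per set.
const SHAPES = 16;
const COLORS = 8;
const GLYPHS_PER_SET = 8;
const BITS_PER_GLYPH = 7; // log2(16 * 8)

interface Glyph { shape: number; color: number; }

// Entropy of a set: log2(alphabet^length) = length * log2(alphabet) = 56 bits.
function entropyBits(shapes = SHAPES, colors = COLORS, count = GLYPHS_PER_SET): number {
  return count * Math.log2(shapes * colors);
}

// Average brute-force time: half the key space divided by the guess rate.
function avgBruteForceSeconds(bits: number, guessesPerSecond: number): number {
  return Math.pow(2, bits - 1) / guessesPerSecond;
}

// Read `count` bits (MSB first) starting at `bitOffset` without 32-bit overflow.
function readBits(bytes: Uint8Array, bitOffset: number, count: number): number {
  let value = 0;
  for (let i = 0; i < count; i++) {
    const pos = bitOffset + i;
    value = (value << 1) | ((bytes[pos >> 3] >> (7 - (pos & 7))) & 1);
  }
  return value;
}

// Assumed encoding: the first 56 bits of SHA-256(input) become eight glyphs,
// each 7 bits wide (high 4 bits select the shape, low 3 bits the color).
function toGlyphs(input: string): Glyph[] {
  const digest = new Uint8Array(createHash("sha256").update(input).digest());
  const glyphs: Glyph[] = [];
  for (let i = 0; i < GLYPHS_PER_SET; i++) {
    const chunk = readBits(digest, i * BITS_PER_GLYPH, BITS_PER_GLYPH);
    glyphs.push({ shape: chunk >> 3, color: chunk & 7 });
  }
  return glyphs;
}

// The check a wallet performs: does the set shown on the device match the
// set derived from the transaction the host is about to broadcast?
function sameGlyphs(a: Glyph[], b: Glyph[]): boolean {
  return a.length === b.length &&
    a.every((g, i) => g.shape === b[i].shape && g.color === b[i].color);
}

// Constructed sample transaction string, not a real one.
const legit = toGlyphs("tx:to=addr_legit;amount=100");
console.log(sameGlyphs(legit, toGlyphs("tx:to=addr_attacker;amount=100")));
```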
At Ryder, security is key. A reliable and easy-to-use hash verification system like Cryptoglyphs will help you stay secure without worrying about mistakes or checking long and tedious hexadecimal numbers.
Cryptoglyphs are open source and can be found on GitHub: https://github.com/Light-Labs/cryptoglyphs-ts. Everyone is welcome to use it to better secure their wallets.