Does it take longer to brute force a password starting with z than one starting with a?

In general, attackers are adaptive. They know what people think. If users tend to begin their passwords with 'z' then attackers will start their brute force with that letter.

Any specific strategy, such as choosing a 'z' as first letter, may give you an edge over the attacker only as long as the attacker does not know it; so talking about it on a public Q&A site is not the smartest move ever. Moreover, attackers always have the option to try passwords in a random order, which ensures a non-worst case for the attacker. When there are N equiprobable passwords, the average cost for the attacker is N/2 tries, and by trying the passwords in a random order, the attacker achieves that cost regardless of your choosing strategy.

The important point is that password protection is stochastic. For any specific password instance, an attacker can get lucky; he can also be especially unlucky. We thus analyse password resistance based on the password generation process, not based on a specific password instance: the generation process tells us what will be the average success rate of the attacker. "Average" is the crucial word.

Take note, too, that probabilities rule your life: whenever you get out of your home, you are taking the probabilistic bet that you will not be struck by lightning or bitten by a rampaging Rottweiler. You accept this because you instinctively perform a cost/benefit analysis and consider that such events are sufficiently improbable that they don't outweigh the benefits of being able to walk outside.

That concept just applies to passwords as well: you will rely on your password generation process having sufficiently high entropy, i.e. making the attacker's success rate sufficiently low, that attackers will not even try (or won't succeed with high enough probability). In that sense, "aaaaaaaa" is not stronger or weaker than "zzzzzzzz", as long as the method you use to generate your password can produce both with equal probabilities. The strength of a password is not in what it is, but in what it could have been.
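The following simulation is an added example, not part of the answer above. It makes the answer's argument concrete on a deliberately small pool (all three-letter lowercase strings, an assumption chosen so the whole pool can be enumerated): a uniform generator costs a sequential attacker about N/2 guesses on average, a "start with z" habit looks better against that attacker only until the attacker adapts or simply randomizes the guess order, and the entropy of the generation process, not the letters in one instance, is what measures strength.

```python
import itertools
import math
import random
import string

ALPHABET = string.ascii_lowercase
LENGTH = 3  # constructed toy pool: small enough to simulate exhaustively
POOL = ["".join(t) for t in itertools.product(ALPHABET, repeat=LENGTH)]
N = len(POOL)  # 26**3 = 17576 equiprobable candidates
INDEX = {pw: i for i, pw in enumerate(POOL)}


def entropy_bits(pool_size: int) -> float:
    """Entropy of a generator that picks uniformly from `pool_size` candidates."""
    return math.log2(pool_size)


def sequential_tries(secret: str, rng=None) -> int:
    """Guesses made by an attacker who enumerates aaa, aab, ..., zzz in order."""
    return INDEX[secret] + 1


def random_order_tries(secret: str, rng: random.Random) -> int:
    """Guesses made by an attacker who tries the whole pool in a fresh random order.
    The secret's position in a random permutation is uniform on 1..N whatever the
    secret is, so the average is (N+1)/2 regardless of the user's habit."""
    order = list(range(N))
    rng.shuffle(order)
    return order.index(INDEX[secret]) + 1


def adaptive_tries(secret: str, rng=None) -> int:
    """Attacker who knows the 'start with z' habit and enumerates only z??."""
    assert secret.startswith("z")
    return INDEX[secret] - INDEX["zaa"] + 1


def uniform_secret(rng: random.Random) -> str:
    """Generation process that can produce every pool member with equal probability."""
    return rng.choice(POOL)


def z_first_secret(rng: random.Random) -> str:
    """Generation process that always starts with 'z' (the strategy under discussion)."""
    return "z" + "".join(rng.choice(ALPHABET) for _ in range(LENGTH - 1))


def average_tries(generate, attack, trials: int = 300, seed: int = 0) -> float:
    """Average attacker cost over many secrets drawn from `generate`."""
    rng = random.Random(seed)
    total = 0
    for _ in range(trials):
        total += attack(generate(rng), rng)
    return total / trials


if __name__ == "__main__":
    print(f"pool size N = {N}, generator entropy = {entropy_bits(N):.2f} bits")
    print(f"uniform secret vs sequential attacker : {average_tries(uniform_secret, sequential_tries):8.1f}  (about N/2)")
    print(f"z-first secret vs sequential attacker : {average_tries(z_first_secret, sequential_tries):8.1f}  (the apparent edge)")
    print(f"z-first secret vs random-order attacker: {average_tries(z_first_secret, random_order_tries):8.1f}  (edge gone)")
    print(f"z-first secret vs adaptive attacker    : {average_tries(z_first_secret, adaptive_tries):8.1f}  (only 26**2 candidates left)")
```

The third line of output is the answer's point about random order: shuffling the guess order makes the expected cost (N+1)/2 no matter how the secret was chosen. The fourth line is the adaptivity point: once the habit is known, the effective pool shrinks from 26**3 to 26**2 and the z-first generator has less entropy than a uniform one, not more.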


I would say yes. Not in any meaningful way (do not base your passwords on this), but still.

Letter Frequency

First of all, if you follow this rule, your password contains a 'z' instead of an 'a'. The letter 'a' occurs a lot more frequently in English text than the letter 'z' (this is also true for the beginning of a word), and as such it will be part of words in a wordlist more frequently. Also, many cracking mechanisms (such as John the Ripper's Incremental mode) will probably crack a password containing an 'a' instead of a 'z' quicker. This is only a side-effect of your rule, but it is still relevant. And it does make it more probable that passwords starting with an 'a' are cracked than passwords starting with a 'z'.

Desperate cracking methods

Let's say that the cracker did all the common stuff first: wordlists, etc. They were not successful. Now they might actually try passwords systematically (note that this will generally be the very last thing they try). Starting with a,b,...,z,aa,ab,... and so on. In this case, passwords starting with a would be cracked sooner. But it is highly unlikely that the attacker would just stop at azzz and not try bzzz,...zzzz as well. It would just take a bit longer.

Again, this is not in any way actually meaningful. I would say that it does have an effect, but this effect can be neglected in the real world.

Your additional question

No, an attacker will not first compute all hashes (all hashes is a pretty big group), and compare them only at the end. They will compute one hash, compare it, compute another hash, compare it, and so on.
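An added example (not the answerer's code) showing the two mechanics this answer describes: guesses are hashed and compared one at a time with an early exit, never "all hashes first", and the order is a constructed wordlist first, then the systematic a, b, ..., z, aa, ab, ... sequence. The cost of recovering a password is therefore simply its position in that order; the wordlist, the maximum length and the use of plain SHA-256 are assumptions made for the demonstration.

```python
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase

# Constructed stand-in for the "common stuff" an attacker tries first.
SAMPLE_WORDLIST = ["password", "letmein", "dragon"]


def sha256_hex(text: str) -> str:
    """Unsalted SHA-256, used here only to have something to compare against."""
    return hashlib.sha256(text.encode()).hexdigest()


def candidates(wordlist, max_len: int, alphabet: str = ALPHABET):
    """Yield guesses in the order the answer describes: wordlist entries first,
    then every string systematically (a, b, ..., z, aa, ab, ...) up to max_len."""
    yield from wordlist
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            yield "".join(chars)


def crack(target_hex: str, wordlist=SAMPLE_WORDLIST, max_len: int = 3):
    """Hash one candidate, compare, move on; stop at the first match.
    Returns (recovered password or None, number of hashes computed), so the
    second value is exactly the guess's position in the enumeration order."""
    computed = 0
    for guess in candidates(wordlist, max_len):
        computed += 1
        if sha256_hex(guess) == target_hex:
            return guess, computed
    return None, computed


if __name__ == "__main__":
    # "dragon" is in the wordlist; "ab" and "zb" are only reached systematically.
    for secret in ["dragon", "ab", "zb"]:
        found, n = crack(sha256_hex(secret))
        print(f"{secret!r}: recovered {found!r} after {n} hashes")
```

With this order, "ab" is reached after the 3 wordlist entries plus the 26 single letters plus 2 more guesses, while "zb" sits 650 guesses further along; both are found, which is the answer's "it would just take a bit longer". A salted, slow password hash changes the cost per guess, not this compare-as-you-go structure.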


First, most tools/websites like "HowSecureIsMyPassword" do not only consider bruteforce attacks but also dictionary and rainbow attacks, as well as simple rules such as password length, character pool, use of words, etc. Hence passwords like aaaaaaa and ZZZZZZZ will most of the time be evaluated the same way.

To the best of my knowledge, there is no "common" method of starting a bruteforce sequence apart from the simple a to ZZZZZZ (chosen to illustrate a point and not particular words/strings).

Answering your last question raises more questions: how "fast" is the bruteforce process (also depending on many things), what do you understand by "difference to calculate". In particular you can calculate the total pool of passwords and make some evaluation from there.

About the 144 quadrillion bruteforce for 1 year, I could say that this number also depends on quite a lot of factors. First, can we run unlimited bruteforce attempts? If we are submitting to a form which computes the hash, this will significantly reduce the "speed". If we are (offline/online) bruteforcing a hash, then we are talking about larger pools (128/256/512/1024-bit hashes). Second, looking at a more practical aspect, is the password that "valuable" to spend 1 year on it and will it be relevant after that period.