I'm in the middle of creating a website that basically hands out codes. Each code is 8 digits long. Each digit can be any of the following:
- 0-9 numbers
- 26 lower case alpha
- 26 upper case alpha
Total 62 choices per.
If I've done the math right 62^8 (and I could be completely wrong, which is why I'm asking the brains) being 8 digits long that could generate: 218,340,105,584,896 codes. Once a code is generated it cannot be generated again.
What I'm curious about is, let's say over x time the amount of generated codes ramps up into the millions and continues climbing at a steady pace.
Now let's say a third party enters and writes a program that can generate my rudimentary 8 digit code. They can also check to see if it's a valid code. Given that there are approximately a million codes already generated, which keeps growing every day, is there a formula to see the approximate time it would take somebody to generate a valid code? Say they can generate and check about 10 per second or so. I know I can simply add more digits to my code but the idea is the shorter the better in this scenario. I'm curious if this is secure enough. We're not talking about the keys to the castle here.
You are correct, there are $62^8$ codes. If a million of them are valid, that means about one out of $218{,}340{,}106$ is valid, so it should take about that many tries to get a valid one. At 10 tries per second, that takes almost a year to check. This is one reason websites don't respond too quickly when you enter a password. If you keep them from trying more than one per second, it takes $10$ times longer to find a valid one.
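The estimate in the answer above, worked as an added example (not part of the original answer) for anyone sizing a code space and a rate limit. It goes beyond the average: it also gives the median time, the chance of a hit within a fixed window, and the shortest length that keeps that chance under a chosen risk. It assumes uniform random guesses and a fixed number of valid codes; the function names are made up for this sketch.

```python
import math

ALPHABET = 62  # 0-9, a-z, A-Z, as in the question


def hit_probability(length, valid_codes, tries, alphabet=ALPHABET):
    """P(at least one of `tries` uniform random guesses is a valid code)."""
    p = valid_codes / alphabet ** length
    if p >= 1.0:
        return 1.0
    # 1 - (1 - p)^tries, computed stably for very small p
    return -math.expm1(tries * math.log1p(-p))


def guess_times(length, valid_codes, guesses_per_sec, alphabet=ALPHABET):
    """Mean and median time (in days) until the first valid guess."""
    space = alphabet ** length
    # Exact mean when the guesser never repeats a code
    mean_tries = (space + 1) / (valid_codes + 1)
    # Half of all guessing runs succeed before this many tries
    median_tries = math.log(0.5) / math.log1p(-valid_codes / space)
    per_day = guesses_per_sec * 86400
    return {
        "space": space,
        "mean_days": mean_tries / per_day,
        "median_days": median_tries / per_day,
    }


def min_length(valid_codes, guesses_per_sec, days, max_risk, alphabet=ALPHABET):
    """Shortest code length keeping P(hit within `days`) at or below max_risk."""
    tries = guesses_per_sec * 86400 * days
    length = 1
    while hit_probability(length, valid_codes, tries, alphabet) > max_risk:
        length += 1
    return length


if __name__ == "__main__":
    # Figures from the question: 8 characters, one million valid codes
    for rate in (10, 1):
        t = guess_times(8, 1_000_000, rate)
        print(f"{rate}/s: mean {t['mean_days']:.0f} days, median {t['median_days']:.0f} days")
    print("P(hit in one day at 10/s):", hit_probability(8, 1_000_000, 10 * 86400))
    print("length for <=1% risk over a year at 10/s:", min_length(1_000_000, 10, 365, 0.01))
```

The median is shorter than the mean, and every new valid code shortens both, so the numbers should be recomputed against the expected peak count of issued codes rather than today's count.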