[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Security....



On Wed, 2004-10-27 at 20:17, Lew Bloch wrote:
> "Rodolfo J. Paiz" suggested:
> > Even when I do use passwords (and assuming the 8-char "standard"), I
> > always have at least one upper- and lower-case letter, one number, and
> > one special char. So that's actually 948 = 6,095,689,385,410,816 or
> > about 6.1 x 1015.
> > 
> > If I did my quick figures right, they'd have to exceed 1.93 million
> > attempts per second to be statistically likely to crack my box in less
> > than 100 years. Not bloody likely, and still very secure. <grin>
> 
> That's assuming that all characters from all character sets are equally 
> likely in every position in the password.  In fact, human-generated 
> passwords tend to have fewer punctuation and digit characters than the 
> statistical likelihood.  Exploiting this and similar facts would speed 
> up the attack considerably.
> 
> Some cracking will use techniques that have a high(er) probability of 
> hitting the correct value than simplistic brute-force methods.  Basing 
> your security estimate on defense against brute force only is probably 
> not optimal if you have anything significant to protect.
> 
> If the only attacks you get are from script kiddies, then your odds are 
> better.

Just wondering if I am missing something here. It may take a long time
to go through _all_ combinations, but all the cracker wants is the
_correct_ password. This might be on the first try, but not likely the
last.

Regards

Chris


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]