Security....

Chris Hewitt fedlist at manordata.uklinux.net
Wed Oct 27 19:25:13 UTC 2004


On Wed, 2004-10-27 at 20:17, Lew Bloch wrote:
> "Rodolfo J. Paiz" suggested:
> > Even when I do use passwords (and assuming the 8-char "standard"), I
> > always have at least one upper- and lower-case letter, one number, and
> > one special char. So that's actually 94^8 = 6,095,689,385,410,816 or
> > about 6.1 x 10^15.
> > 
> > If I did my quick figures right, they'd have to exceed 1.93 million
> > attempts per second to be statistically likely to crack my box in less
> > than 100 years. Not bloody likely, and still very secure. <grin>
> 
> That's assuming that all characters from all character sets are equally 
> likely in every position in the password.  In fact, human-generated 
> passwords tend to have fewer punctuation and digit characters than the 
> statistical likelihood.  Exploiting this and similar facts would speed 
> up the attack considerably.
> 
> Some cracking will use techniques that have a high(er) probability of 
> hitting the correct value than simplistic brute-force methods.  Basing 
> your security estimate on defense against brute force only is probably 
> not optimal if you have anything significant to protect.
> 
> If the only attacks you get are from script kiddies, then your odds are 
> better.

Just wondering if I am missing something here. It may take a long time
to go through _all_ combinations, but all the cracker wants is the
_correct_ password. This might be on the first try, but not likely the
last.

Regards

Chris
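
The keyspace arithmetic discussed in this thread, as an added example that is not part of any poster's message: it reproduces the 94^8 figure and the guess rate for 100 years, then counts how many 8-character passwords actually satisfy the "at least one of each class" rule and what rate covers half the space. The 26/26/10/32 class split, the 365.25-day year, uniformly random password choice and all function names are assumptions of this example.

```python
# Added example: keyspace arithmetic for the thread's 8-character password.
from itertools import combinations

# Assumption: 94 printable ASCII characters split into these classes.
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 32}
SECONDS_PER_YEAR = 365.25 * 24 * 3600  # assumption: Julian year


def full_keyspace(length=8):
    """All strings of `length` over the 94-character alphabet (94^8 for length 8)."""
    return sum(CLASS_SIZES.values()) ** length


def constrained_keyspace(length=8):
    """Strings containing at least one character from every class.

    Inclusion-exclusion: subtract strings missing one class, add back those
    missing two, and so on.
    """
    sizes = list(CLASS_SIZES.values())
    alphabet = sum(sizes)
    total = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            total += (-1) ** k * (alphabet - sum(missing)) ** length
    return total


def rate_needed(keyspace, years, fraction=1.0):
    """Guesses per second needed to cover `fraction` of `keyspace` in `years`."""
    return keyspace * fraction / (years * SECONDS_PER_YEAR)


if __name__ == "__main__":
    full, constrained = full_keyspace(), constrained_keyspace()
    print(f"94^8 keyspace:               {full:,}")
    print(f"with the one-of-each rule:   {constrained:,} ({constrained / full:.0%})")
    print(f"exhaust 94^8 in 100 years:   {rate_needed(full, 100):,.0f} guesses/s")
    print(f"average case (half), 100 y:  {rate_needed(full, 100, 0.5):,.0f} guesses/s")
    print(f"average case, constrained:   {rate_needed(constrained, 100, 0.5):,.0f} guesses/s")
```

Under these assumptions the one-of-each rule leaves a little under half of the 94^8 strings, so a policy-aware search space is smaller than the headline figure before any human bias in character choice is considered.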



