| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
lo, |
| 5 |
|
| 6 |
On Wednesday 18 January 2006 04:09, Marius Mauch wrote: |
| 7 |
> Well, hard to say what would be more secure, |
| 8 |
|
| 9 |
that is certainly true. |
| 10 |
|
| 11 |
> just pointing out that |
| 12 |
> 12*[a-zA-Z] offers about 10.000-100.000 times more combinations than |
| 13 |
> 8*[a-zA-Z0-9<special-chars>]: |
| 14 |
> 52^12 = 390,877,006,486,250,192,896 ~ 3.9*10^20 |
| 15 |
> 95^8 = 6,634,204,312,890,625 ~ 6.6*10^15 |
| 16 |
> (assuming 33 special chars, could be a few more or less). |
| 17 |
> |
| 18 |
> And for completeness: |
| 19 |
> 52^8 = 53,459,728,531,456 ~ 5.3*10^13 |
| 20 |
> 95^12 = 540,360,087,662,636,962,890,625 ~ 5.4*10^23 |
| 21 |
> |
| 22 |
> As said, that doesn't relate to practical security, just shows that in |
| 23 |
> theory changing the password length does more in terms of complexity |
| 24 |
> than changing the set of allowed chars. |
| 25 |
> And every combinational restriction added again decreases the |
| 26 |
> complexity. |
| 27 |
|
| 28 |
Very true, but it also works with minimum length as well. Consider that if you |
| 29 |
FORCE users to use a passphrase (say min length of 15 chars) then with very |
| 30 |
few exceptions they will just use recognisable dictionary words. So while the |
| 31 |
theoretical amount of possibilities is a lot higher, in reality a well |
| 32 |
written brute force application would find it no harder in practise to |
| 33 |
compromise the passwords. If you are concerned about password security then |
| 34 |
get away from it. Look at something like : |
| 35 |
|
| 36 |
http://www.wikidsystems.com |
| 37 |
|
| 38 |
|
| 39 |
I'm going to try and get it into the tree over the next few weeks. |
| 40 |
|
| 41 |
- -- |
| 42 |
Benjamin Smee (strerror) |
| 43 |
crypto/forensics/netmail/netmon |
| 44 |
-----BEGIN PGP SIGNATURE----- |
| 45 |
Version: GnuPG v1.9.20 (GNU/Linux) |
| 46 |
|
| 47 |
iD8DBQFDzjL4AEpm7USL54wRAswXAKCHbfOU2yjgULabODq9mMMQyhMnyQCdFrf3 |
| 48 |
0utBEgSSiWTJKbgM/ESLguk= |
| 49 |
=IcDn |
| 50 |
-----END PGP SIGNATURE----- |
| 51 |
-- |
| 52 |
gentoo-server@g.o mailing list |
Archives