Re: Security....

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, 2004-10-27 at 15:17 -0400, Lew Bloch wrote:
> "Rodolfo J. Paiz" suggested:
> > Even when I do use passwords (and assuming the 8-char "standard"), I
> > always have at least one upper- and lower-case letter, one number, and
> > one special char. So that's actually 948 = 6,095,689,385,410,816 or
> > about 6.1 x 1015.
> > 
> > If I did my quick figures right, they'd have to exceed 1.93 million
> > attempts per second to be statistically likely to crack my box in less
> > than 100 years. Not bloody likely, and still very secure. <grin>
> 
> That's assuming that all characters from all character sets are equally 
> likely in every position in the password.  In fact, human-generated 
> passwords tend to have fewer punctuation and digit characters than the 
> statistical likelihood.  Exploiting this and similar facts would speed 
> up the attack considerably.
> 

Yes, Lew, but I was being humorous. In reality I rarely use passwords
(note the above "even when...") and usually use keys. But "even when" I
use passwords, *my* password is usually 10 chars or so and is
significantly more random than average. So that should make the process
about 9,000 times harder (i.e. push the 100 years to nearly 1 million
years).

But that wasn't the point. I just noted they'd need nearly 2 million
guesses per second. I've never seen any probes on my box go even faster
than 1 guess per second so far. And since I change my passwords at least
once a year, then I would say it *is* reasonable security to use
passwords if you use a good one.

As an example, let's say that a super-cracker will be 10 times more
likely to guess your password due to whatever. Then in order to guess my
mythical 8-char password above within one year, he'd still need to make
more than 19 million attempts per second.

I think after a day or two you might notice something in your logs,
don't you? Heck, after a week or two you'd most likely be out of disk
space.

<smile>

-- 
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>

Attachment: signature.asc
Description: This is a digitally signed message part

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux