On Wed, 2004-10-27 at 15:17 -0400, Lew Bloch wrote:
> "Rodolfo J. Paiz" suggested:
> > Even when I do use passwords (and assuming the 8-char "standard"), I
> > always have at least one upper- and lower-case letter, one number, and
> > one special char. So that's actually 94^8 = 6,095,689,385,410,816 or
> > about 6.1 x 10^15.
> >
> > If I did my quick figures right, they'd have to exceed 1.93 million
> > attempts per second to be statistically likely to crack my box in less
> > than 100 years. Not bloody likely, and still very secure. <grin>
>
> That's assuming that all characters from all character sets are equally
> likely in every position in the password. In fact, human-generated
> passwords tend to have fewer punctuation and digit characters than the
> statistical likelihood. Exploiting this and similar facts would speed
> up the attack considerably.
>

Yes, Lew, but I was being humorous. In reality I rarely use passwords
(note the above "even when...") and usually use keys. But "even when" I
use passwords, *my* password is usually 10 chars or so and is
significantly more random than average. So that should make the process
about 9,000 times harder (i.e. push the 100 years to nearly 1 million
years).

But that wasn't the point. I just noted they'd need nearly 2 million
guesses per second. I've never seen any probes on my box go even faster
than 1 guess per second so far. And since I change my passwords at least
once a year, then I would say it *is* reasonable security to use
passwords if you use a good one.

As an example, let's say that a super-cracker will be 10 times more
likely to guess your password due to whatever. Then in order to guess my
mythical 8-char password above within one year, he'd still need to make
more than 19 million attempts per second. I think after a day or two you
might notice something in your logs, don't you? Heck, after a week or
two you'd most likely be out of disk space. <smile>

-- 
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>
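The arithmetic in the message above, as an added example that is not part of the original post. It goes one step beyond the thread by also counting only the 8-character passwords that contain at least one character from each of the four classes, using inclusion-exclusion. The class sizes (26/26/10/32, a 94-character alphabet), the 365-day year and all function names are assumptions.

```python
from itertools import combinations

# Assumed class sizes: the 94 printable, non-space ASCII characters.
CLASSES = {"upper": 26, "lower": 26, "digit": 10, "special": 32}
SECONDS_PER_YEAR = 365 * 24 * 3600  # assumption: 365-day year


def full_keyspace(length, classes=CLASSES):
    """Every string of `length` over the combined alphabet (94^8 in the thread)."""
    return sum(classes.values()) ** length


def policy_keyspace(length, classes=CLASSES):
    """Strings that contain at least one character from every class.

    Inclusion-exclusion: start from all strings, subtract those missing one
    class, add back those missing two classes, and so on.
    """
    sizes = list(classes.values())
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):
            count += (-1) ** k * (total - sum(missing)) ** length
    return count


def required_rate(keyspace, years, advantage=1.0):
    """Guesses per second needed to cover keyspace/advantage within `years`."""
    return keyspace / advantage / (years * SECONDS_PER_YEAR)


def report(length=8):
    full, policy = full_keyspace(length), policy_keyspace(length)
    return {
        "full_keyspace": full,
        "policy_keyspace": policy,
        "policy_fraction": policy / full,
        "rate_100_years": required_rate(full, 100),
        "rate_1_year_10x_advantage": required_rate(full, 1, advantage=10),
        "rate_100_years_policy_only": required_rate(policy, 100),
    }


if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name:>28}: {value:,.4g}")
```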