Dear Linkedin,

John Souvestre johns at sstar.com
Sun Jun 10 07:25:22 UTC 2012


On 6/10/12, Joel jaeggli <joelja at bogus.com> wrote:

 > How good does a password/phrase have to be in order to protect 
 > against brute-force or dictionary attacks against the password itself?
 > * Entropy in language.
 >   A typical English sentence has 1.2 bits of entropy per character, 
 > you need 107 characters to get a statistically random MD5 hash.
 > Using totally random English characters you need 28 characters.
 > Using a random distribution of all 95 printable ASCII characters you 
 > need 20 characters.
 > * Observation, good passwords are hard to come by.

I don't disagree, except regarding dictionary attacks.  If the attack isn't random then math based on random events doesn't apply.  In the case of a purely dictionary attack, if you choose a non-dictionary word you are 100.000% safe.  :)

John

    John Souvestre - New Orleans LA - (504) 454-0899
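
The lengths quoted above come from dividing the 128 bits of an MD5 digest by the entropy per character, while a word-list attack is bounded by the size of the list rather than by password length. The following is an added example, not part of the original post; the function names, the sample word list and the uniform-random model for passwords outside the list are assumptions of the example.

```python
import math

MD5_BITS = 128  # size of an MD5 digest in bits

def chars_needed(bits_per_char, target_bits=MD5_BITS):
    """Shortest length whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_char)

def quoted_figures():
    """Recompute the three lengths given in the quoted text."""
    return {
        "english_sentence": chars_needed(1.2),            # 1.2 bits/char, from the post
        "random_letters": chars_needed(math.log2(26)),    # uniform over 26 letters
        "random_printable": chars_needed(math.log2(95)),  # uniform over 95 printable ASCII
    }

def effective_bits(password, wordlist, alphabet_size=95):
    """Guessing entropy against an attacker who tries wordlist first.

    Assumption of this example: a password outside the wordlist was drawn
    uniformly at random from alphabet_size symbols; human-chosen strings
    fall short of that bound.
    """
    if password in wordlist:
        # Length is irrelevant here: the search space is the list itself.
        return math.log2(len(wordlist))
    return len(password) * math.log2(alphabet_size)

# Constructed sample word list (not a real dictionary).
SAMPLE_WORDLIST = {"password", "linkedin", "letmein", "monkey"}

if __name__ == "__main__":
    print(quoted_figures())
    print(effective_bits("linkedin", SAMPLE_WORDLIST))
    print(effective_bits("q7#Vd!2p", SAMPLE_WORDLIST))
```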





