Dear Linkedin,

• Previous message (by thread): Dear Linkedin,
• Next message (by thread): Dear Linkedin,
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/10/12 00:25 , John Souvestre wrote:
> On 6/10/12, Joel jaeggli <joelja at bogus.com> wrote:
> 
>> How good does a password/phrase have to be in order to protect 
>> against brute-force or dictionary attacks against the password
>> itself? ? Entropy in language. A typical english sentence has 1.2
>> bits of entropy per character, you need 107 characters to get a
>> statistically random md5 hash. Using totally random english
>> characters you need 28 characters. Using a random distribution of
>> all 95 printable ascii characters you need 20 characters. ?
>> Observation, good passwords are hard to come by.
> 
> I don't disagree, except regarding dictionary attacks.  If the attack
> isn't random then math based on random events doesn't apply.  In the
> case of a purely dictionary attack if you choose a non-dictionary
> word and you are 100.000% safe.  :)

the search space for 6 8 10 character passwords is entirely too small...

> John
> 
> John Souvestre - New Orleans LA - (504) 454-0899
> 
> 
> 
> 

• Previous message (by thread): Dear Linkedin,
• Next message (by thread): Dear Linkedin,
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]