Dear Linkedin,
Joel jaeggli
joelja at bogus.com
Sun Jun 10 15:24:41 UTC 2012
On 6/10/12 00:25 , John Souvestre wrote:
> On 6/10/12, Joel jaeggli <joelja at bogus.com> wrote:
>
>> How good does a password/phrase have to be in order to protect
>> against brute-force or dictionary attacks against the password
>> itself? ? Entropy in language. A typical english sentence has 1.2
>> bits of entropy per character, you need 107 characters to get a
>> statistically random md5 hash. Using totally random english
>> characters you need 28 characters. Using a random distribution of
>> all 95 printable ascii characters you need 20 characters. ?
>> Observation, good passwords are hard to come by.
>
> I don't disagree, except regarding dictionary attacks. If the attack
> isn't random then math based on random events doesn't apply. In the
> case of a purely dictionary attack if you choose a non-dictionary
> word and you are 100.000% safe. :)
the search space for 6 8 10 character passwords is entirely too small...
> John
>
> John Souvestre - New Orleans LA - (504) 454-0899
>
>
>
>
More information about the NANOG
mailing list