Educause Security Discussion mailing list archives
Re: Password entropy
From: Harold Winshel <winshel () CAMDEN RUTGERS EDU>
Date: Thu, 20 Jul 2006 19:36:44 -0400
Those number of days to crack the passwords - they are based solely on a brute force attack? At 03:08 PM 7/19/2006, Roger Safian wrote:
At 01:49 PM 7/19/2006, scott hollatz put fingers to keyboard and wrote: >> At 01:14 PM 7/19/2006, David Gillett put fingers to keyboard and wrote: >>> If I choose >>> >>>> "1 am not going to PAY a lot for the muffler!" >>> >>> as my "passphrase", *I* will probably use >>> >>> "1angtPalftm" >>> >>> as the actual *password*. >> >> I just want to be clear here. You are suggesting >> that the shorter phrase is stronger than the longer >> phrase? > >Yes. > >Which is a better password? > > abcdefghijklmnopqrstuvwxyz > 1angtPalftm Just based on a tool I have from SANS, it will take a maximum of 7,125,138,403,017,540,000 days to crack a 26 character string, that is only based on the lowercase character set. It will take a maximum of 60 to crack the 11 character string, based on the upper/lowercase and numerals. Both assume that the exact length is known. BTW, just as a FYI, it will take a maximum of 9,740,929,530,489,110,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 days to crack the original phrase based on the 94 character set of upper/lower special and space. I do not know how much the dictionary will reduce that number to, but assume it is significant. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Harold Winshel Computing and Instructional Technologies Faculty of Arts & Sciences Rutgers University, Camden Campus 311 N. 5th Street, Room B36 Armitage Hall Camden NJ 08102 (856) 225-6669 (O)
Current thread:
- Re: Password entropy, (continued)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Graham Toal (Jul 20)
- Re: Password entropy Valdis Kletnieks (Jul 20)
- Re: Password entropy Basgen, Brian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Basgen, Brian (Jul 20)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Graham Toal (Jul 21)
- Re: Password entropy Roger Safian (Jul 21)
- Re: Password entropy Valdis Kletnieks (Jul 23)
- Re: Password entropy Roger Safian (Jul 23)
- Re: Password entropy Roger Safian (Jul 23)
- Re: Password entropy Paul Russell (Jul 23)
- Re: Password entropy James H Moore (Jul 23)
- Re: Password entropy Valdis Kletnieks (Jul 23)
- Re: Password entropy Harold Winshel (Jul 24)
- Re: Password entropy Robert Kerr (Jul 24)
(Thread continues...)