Re: Password entropy

[Harold Winshel <winshel () CAMDEN RUTGERS EDU>]

Those number of days to crack the passwords - they are based solely
on a brute force attack?

At 03:08 PM 7/19/2006, Roger Safian wrote:
> At 01:49 PM 7/19/2006, scott hollatz put fingers to keyboard and wrote:
> >> At 01:14 PM 7/19/2006, David Gillett put fingers to keyboard and wrote:
> >>>  If I choose
> >>>
> >>>> "1 am not going to PAY a lot for the muffler!"
> >>>
> >>> as my "passphrase", *I* will probably use
> >>>
> >>> "1angtPalftm"
> >>>
> >>> as the actual *password*.
> >>
> >> I just want to be clear here.  You are suggesting
> >> that the shorter phrase is stronger than the longer
> >> phrase?
> >
> >Yes.
> >
> >Which is a better password?
> >
> >       abcdefghijklmnopqrstuvwxyz
> >       1angtPalftm
>
> Just based on a tool I have from SANS, it will take a maximum of
> 7,125,138,403,017,540,000 days to crack a 26 character string,
> that is only based on the lowercase character set.  It will take a
> maximum of 60 to crack the 11 character string, based on the
> upper/lowercase and numerals.  Both assume that the exact length
> is known.  BTW, just as a FYI, it will take a maximum of
> 9,740,929,530,489,110,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
>
> days to crack the original phrase based on the 94 character set
> of upper/lower special and space.
>
> I do not know how much the dictionary will reduce that
> number to, but assume it is significant.
>
>
> --
> Roger A. Safian
> r-safian () northwestern edu (email) public key available on many key servers.
> (847) 491-4058   (voice)
> (847) 467-6500   (Fax) "You're never too old to have a great childhood!"

Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B36 Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)