Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Password Complexity and Aging

From: "Basgen, Brian" <bbasgen () PIMA EDU>
Date: Mon, 13 Apr 2009 20:18:59 -0700
brute force attack against passwords CAN't be stopped if the attacker is given unlimited time and that
long passwords that change frequently are a proper and effective defense against that activity.


Brute force can be effectively mitigated through strong entropy without any change frequency requirement. 72-bit 
strength has not been publicly cracked, and it is widely accepted that 128-bits is such a massive key space that a 
revolution in processing (e.g. quantum computing) would be required to brute force it. Moore's law just can't compete 
against the ease with which key lengths can be increased.

~~~~~~~~~~~~~~~~~~
Brian Basgen
Information Security
Pima Community College
Previous By Date Next
Previous By Thread Next

Current thread: