Educause Security Discussion mailing list archives

Re: Password entropy


From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 19 Jul 2006 14:08:02 -0500

At 01:49 PM 7/19/2006, scott hollatz put fingers to keyboard and wrote:
At 01:14 PM 7/19/2006, David Gillett put fingers to keyboard and wrote:
 If I choose

"1 am not going to PAY a lot for the muffler!"

as my "passphrase", *I* will probably use

"1angtPalftm"

as the actual *password*.

I just want to be clear here.  You are suggesting
that the shorter phrase is stronger than the longer
phrase?

Yes.

Which is a better password?

      abcdefghijklmnopqrstuvwxyz
      1angtPalftm

Just based on a tool I have from SANS, it will take a maximum of
7,125,138,403,017,540,000 days to crack a 26 character string,
that is only based on the lowercase character set.  It will take a
maximum of 60 to crack the 11 character string, based on the
upper/lowercase and numerals.  Both assume that the exact length
is known.  BTW, just as a FYI, it will take a maximum of
9,740,929,530,489,110,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
days to crack the original phrase based on the 94 character set
of upper/lower special and space.

I do not know how much the dictionary will reduce that
number to, but assume it is significant.


--
Roger A. Safian
r-safian () northwestern edu (email) public key available on many key servers.
(847) 491-4058   (voice)
(847) 467-6500   (Fax) "You're never too old to have a great childhood!"
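
The arithmetic behind the figures in the message above, as an added example that is not part of the original post and not the SANS tool: worst-case exhaustive search time is charset size raised to the length, divided by the guess rate. The rate of 10^13 guesses per second is an assumption that reproduces the quoted 26- and 11-character results; the wordlist and all function names are constructed for illustration, and `is_predictable` shows the kind of structure a keyspace estimate ignores.

```python
import math

# Assumption: 10**13 guesses per second. This rate reproduces the 26- and
# 11-character figures quoted in the message; the tool's own setting is
# not stated there.
GUESSES_PER_SECOND = 10**13
SECONDS_PER_DAY = 86_400

# Constructed stand-in for a cracking dictionary.
SAMPLE_WORDLIST = {"password", "letmein", "qwertyuiop"}


def worst_case_days(length, charset_size, rate=GUESSES_PER_SECOND):
    """Days to try every string of exactly `length` symbols from the charset."""
    return charset_size ** length / (rate * SECONDS_PER_DAY)


def entropy_bits(length, charset_size):
    """Bits of entropy if every symbol were chosen uniformly at random."""
    return length * math.log2(charset_size)


def is_predictable(candidate, wordlist=SAMPLE_WORDLIST):
    """True for wordlist entries and for runs of consecutive characters."""
    lowered = candidate.lower()
    steps = {ord(b) - ord(a) for a, b in zip(lowered, lowered[1:])}
    sequential = len(lowered) >= 3 and steps in ({1}, {-1})
    return lowered in wordlist or sequential


def assess(candidate, charset_size):
    """Exhaustive-search estimate plus a flag for guessable structure."""
    n = len(candidate)
    return {
        "bits": round(entropy_bits(n, charset_size), 1),
        "days": worst_case_days(n, charset_size),
        "predictable": is_predictable(candidate),
    }


if __name__ == "__main__":
    # The two candidate passwords compared in the thread.
    for text, size in [("abcdefghijklmnopqrstuvwxyz", 26), ("1angtPalftm", 62)]:
        print(text, assess(text, size))
```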
