Educause Security Discussion mailing list archives
Re: Password entropy
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Wed, 19 Jul 2006 14:08:02 -0500
At 01:49 PM 7/19/2006, scott hollatz put fingers to keyboard and wrote:
At 01:14 PM 7/19/2006, David Gillett put fingers to keyboard and wrote:If I choose"1 am not going to PAY a lot for the muffler!"as my "passphrase", *I* will probably use "1angtPalftm" as the actual *password*.I just want to be clear here. You are suggesting that the shorter phrase is stronger than the longer phrase?Yes. Which is a better password? abcdefghijklmnopqrstuvwxyz 1angtPalftm
Just based on a tool I have from SANS, it will take a maximum of 7,125,138,403,017,540,000 days to crack a 26 character string, that is only based on the lowercase character set. It will take a maximum of 60 to crack the 11 character string, based on the upper/lowercase and numerals. Both assume that the exact length is known. BTW, just as a FYI, it will take a maximum of 9,740,929,530,489,110,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 days to crack the original phrase based on the 94 character set of upper/lower special and space. I do not know how much the dictionary will reduce that number to, but assume it is significant. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: Password entropy Basgen, Brian (Jul 19)
- <Possible follow-ups>
- Re: Password entropy Brent Sweeny (Jul 19)
- Re: Password entropy David Gillett (Jul 19)
- Re: Password entropy Buz Dale (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy scott hollatz (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy David Gillett (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy scott hollatz (Jul 19)
- Re: Password entropy Valdis Kletnieks (Jul 19)
- Re: Password entropy Dave Koontz (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
(Thread continues...)