Firewall Wizards mailing list archives

Re: "Proactive" Password Checking


From: Alec Muffett <alecm () coyote uk sun com>
Date: Wed, 10 Nov 1999 16:31:44 +0000



Now consider the password "maryhadalittlelamb" 

let's see...

under Unix - 8 character truncation "maryhada"

also: implies password is definitely 8 chars long

password taken from the set of all lowercase letters 

thus: set size of 26 symbols

there are 26^8 = 208827064576 passwords of length 8
which consist only of lowercase letters

my dual-cpu 450MHz UltraSPARC-II can do 25000 crypts/sec/cpu
- certainly more if I could be bothered to optimise the code.

50000 crypts/second total, on my desktop.

208827064576 passwords at 50000 crypts/sec = 4176541 seconds

4176541 seconds = 48 days 8 hours 9 minutes 1 second

I can throw a rock from where I sit and hit about a dozen similar
machines; say I can get ahold of 10 for simplicity.

I can definitely crack your password in 4 days and 20 hours;
on average I will manage it in a little over two days.

...so...

I *do* hope you change your "secure" password on a weekly basis.

        - alec

-- 
       alec muffett, sun professional services, alec.muffett @ uk.sun.com
                        bananas are not the only fruit
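
Added example, not part of the original message: the estimate above written as a proactive check in Python. It truncates to the 8 characters traditional crypt(3) uses, sizes the alphabet from the character classes present, and converts the keyspace into worst-case and average search time. The function names, the character-class table, the printable-ASCII restriction and the second sample password are assumptions made for this illustration.

```python
import string

CRYPT_MAX = 8  # traditional Unix crypt(3) only looks at the first 8 characters

# Character classes a searcher must cover (assumed table, printable ASCII only).
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

def effective_keyspace(password, max_len=CRYPT_MAX):
    """Return (effective password, alphabet size, number of candidates)."""
    effective = password[:max_len]
    if any(not any(ch in c for c in CLASSES) for ch in effective):
        raise ValueError("only printable ASCII is modelled here")
    # Alphabet = union of every class that actually appears after truncation.
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in effective))
    # Same model as the message: length and classes are known to the searcher.
    return effective, alphabet, alphabet ** len(effective)

def crack_seconds(keyspace, crypts_per_sec, machines=1):
    """Whole seconds to exhaust the keyspace: (worst case, average)."""
    worst = keyspace // (crypts_per_sec * machines)
    return worst, worst // 2

def human(seconds):
    """Render a second count as days/hours/minutes/seconds."""
    parts = []
    for name, size in (("day", 86400), ("hour", 3600),
                       ("minute", 60), ("second", 1)):
        n, seconds = divmod(seconds, size)
        if n:
            parts.append(f"{n} {name}{'s' if n != 1 else ''}")
    return " ".join(parts) or "0 seconds"

if __name__ == "__main__":
    RATE = 50000  # crypts/sec for one desktop, the figure quoted in the message
    # First password is from the message; the second is constructed.
    for pw in ("maryhadalittlelamb", "MaryHad1Lamb!"):
        eff, alpha, space = effective_keyspace(pw)
        worst, avg = crack_seconds(space, RATE, machines=10)
        print(f"{pw!r} -> {eff!r}: {alpha}^{len(eff)} = {space}; "
              f"worst {human(worst)}, average {human(avg)}")
```
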



