nanog mailing list archives
RE: Dear Linkedin,
From: "John Souvestre" <johns () sstar com>
Date: Sun, 10 Jun 2012 02:25:22 -0500
On 6/10/12, Joel jaeggli <joelja () bogus com> wrote:
How good does a password/phrase have to be in order to protect against brute-force or dictionary attacks against the password itself? ? Entropy in language. A typical english sentence has 1.2 bits of entropy per character, you need 107 characters to get a statistically random md5 hash. Using totally random english characters you need 28 characters. Using a random distribution of all 95 printable ascii characters you need 20 characters. ? Observation, good passwords are hard to come by.
I don't disagree, except regarding dictionary attacks. If the attack isn't random then math based on random events doesn't apply. In the case of a purely dictionary attack if you choose a non-dictionary word and you are 100.000% safe. :) John John Souvestre - New Orleans LA - (504) 454-0899
Current thread:
- Re: Dear Linkedin,, (continued)
- Re: Dear Linkedin, Scott Howard (Jun 09)
- Re: Dear Linkedin, Jimmy Hess (Jun 09)
- Re: Dear Linkedin, Scott Weeks (Jun 08)
- Re: Dear Linkedin, Derrick H. (Jun 08)
- EBAY and AMAZON Brandt, Ralph (Jun 11)
- Re: EBAY and AMAZON Henry Yen (Jun 11)
- Re: EBAY and AMAZON Jo Rhett (Jun 11)
- Re: Dear Linkedin, Derrick H. (Jun 08)
- Re: Dear Linkedin, Alec Muffett (Jun 08)
- Re: Dear Linkedin, Joel jaeggli (Jun 10)
- RE: Dear Linkedin, John Souvestre (Jun 10)
- Re: Dear Linkedin, Joel jaeggli (Jun 10)
- Re: Dear Linkedin, valdis . kletnieks (Jun 10)
- Re: Dear Linkedin, Mike Hale (Jun 08)
- Re: Dear Linkedin, Barry Shein (Jun 09)
- Re: Dear Linkedin, Jay Ashworth (Jun 09)
- Re: Dear Linkedin, Lyle Giese (Jun 09)
- Re: Dear Linkedin, Joe Greco (Jun 10)