nanog mailing list archives

RE: Dear Linkedin,

From: "John Souvestre" <johns () sstar com>
Date: Sun, 10 Jun 2012 02:25:22 -0500

On 6/10/12, Joel jaeggli <joelja () bogus com> wrote:

How good does a password/phrase have to be in order to protect 
against brute-force or dictionary attacks against the password itself?
? Entropy in language.
  A typical english sentence has 1.2 bits of entropy per character, 
you need 107 characters to get a statistically random md5 hash.
Using totally random english characters you need 28 characters.
Using a random distribution of all 95 printable ascii characters you 
need 20 characters.
? Observation, good passwords are hard to come by.


I don't disagree, except regarding dictionary attacks.  If the attack isn't random then math based on random events 
doesn't apply.  In the case of a purely dictionary attack if you choose a non-dictionary word and you are 100.000% 
safe.  :)

John

    John Souvestre - New Orleans LA - (504) 454-0899

Current thread:

Re: Dear Linkedin,, (continued)
- - - Re: Dear Linkedin, Scott Howard (Jun 09)
    - Re: Dear Linkedin, Jimmy Hess (Jun 09)
- Re: Dear Linkedin, Scott Weeks (Jun 08)
  - Re: Dear Linkedin, Derrick H. (Jun 08)
    - EBAY and AMAZON Brandt, Ralph (Jun 11)
    - Re: EBAY and AMAZON Henry Yen (Jun 11)
    - Re: EBAY and AMAZON Jo Rhett (Jun 11)
- Re: Dear Linkedin, Hal Murray (Jun 08)
  - Re: Dear Linkedin, Alec Muffett (Jun 08)
    - Re: Dear Linkedin, Joel jaeggli (Jun 10)
    - RE: Dear Linkedin, John Souvestre (Jun 10)
    - Re: Dear Linkedin, Joel jaeggli (Jun 10)
    - Re: Dear Linkedin, valdis . kletnieks (Jun 10)
  - Re: Dear Linkedin, valdis . kletnieks (Jun 08)
  - Choosing Passwords Jay Ashworth (Jun 09)
- Re: Dear Linkedin, Hal Murray (Jun 08)
  - Re: Dear Linkedin, Mike Hale (Jun 08)
  - Re: Dear Linkedin, Barry Shein (Jun 09)
    - Re: Dear Linkedin, Jay Ashworth (Jun 09)
    - Re: Dear Linkedin, Lyle Giese (Jun 09)
    - Re: Dear Linkedin, Joe Greco (Jun 10)

(Thread continues...)