Posted by Joseph on January 21, 2006, 6:59 pm
I've read the literature about having strong passwords that contain numbers,
symbols, upper and lower case, over 8 characters and also be gibberish.
Obviously there must be a balance between strength and using a password that
is at least memorable.
Not being a security expert, would anyone tell me how secure an 8 character
password would be consisting of numbers, upper and lower case letters and is
just gibberish, thus not prone to dictionary attacks.
Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
combinations.
How long would it take to crack a password of this complexity by brute
force?
Thank you
Posted by Arthur T. on January 21, 2006, 8:22 pm
>Obviously there must be a balance between strength and using a password that
>is at least memorable.
From what I read, most security experts are now suggesting
that you write down your passwords *and make sure that list is
secured*. (The equivalent is to keep them encrypted by a master
key that's very secure.) This is because of the large number of
passwords people now need. Of course, you shouldn't use the same
password for multiple uses.
>Not being a security expert, would anyone tell me how secure an 8 character
>password would be consisting of numbers, upper and lower case letters and is
>just gibberish, thus not prone to dictionary attacks.
>
>Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
>combinations.
>
>How long would it take to crack a password of this complexity by brute
>force?
I'm also not a security expert, but the usual measure of a
key's security is number of bits of entropy. For truly random
data, you can find this from the log base 2 of the number of
combinations. For your password scheme, that's just under 48
bits. That's considered weak and easily crackable. DES is 56
bits and considered to be too easy to crack.
--
Arthur T. - ar23hur "at" speakeasy "dot" net
Looking for a good MVS systems programmer position
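The arithmetic from the question and this reply, as an added example that is not part of the original thread: keyspace, bits of entropy and average exhaustive-search time for a uniformly random password. The guess rates are hypothetical assumptions, and the function names are this example's own.

```python
import math
import secrets
import string

ALNUM = string.ascii_letters + string.digits  # the 62 symbols from the question
# Hypothetical attacker speeds in guesses per second (assumptions, not measurements).
ASSUMED_RATES = {"1e6/s": 1e6, "1e9/s": 1e9, "1e12/s": 1e12}

def random_password(length, alphabet=ALNUM):
    """Draw every character uniformly from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def keyspace(alphabet_size, length):
    return alphabet_size ** length

def entropy_bits(alphabet_size, length):
    """log2 of the keyspace; only meaningful for uniformly random passwords."""
    return length * math.log2(alphabet_size)

def min_length(alphabet_size, target_bits):
    """Shortest length whose keyspace reaches 2**target_bits (exact integers)."""
    length = 1
    while alphabet_size ** length < 2 ** target_bits:
        length += 1
    return length

def average_crack_seconds(alphabet_size, length, guesses_per_second):
    """Exhaustive search finds the password after half the keyspace on average."""
    return keyspace(alphabet_size, length) / 2 / guesses_per_second

def humanize(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    print("sample 8-character password:", random_password(8))
    for length in (8, 10, 12):
        times = ", ".join(
            f"{name}: {humanize(average_crack_seconds(62, length, rate))}"
            for name, rate in ASSUMED_RATES.items())
        print(f"{length} chars = {entropy_bits(62, length):.1f} bits -> {times}")
    print("length matching a 56-bit key:", min_length(62, 56))
```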
Posted by Winged on January 21, 2006, 8:26 pm
Joseph wrote:
> I've read the literature about having strong passwords that contain numbers,
> symbols, upper and lower case, over 8 characters and also be gibberish.
> Obviously there must be a balance between strength and using a password that
> is at least memorable.
>
> Not being a security expert, would anyone tell me how secure an 8 character
> password would be consisting of numbers, upper and lower case letters and is
> just gibberish, thus not prone to dictionary attacks.
>
> Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
> combinations.
>
> How long would it take to crack a password of this complexity by brute
> force?
>
> Thank you
>
>
A good page to address your questions can be found here:
http://geodsoft.com/howto/password/cracking_passwords.htm#cracktime
Winged
Posted by Donnie on January 21, 2006, 8:33 pm
> I've read the literature about having strong passwords that contain numbers,
> symbols, upper and lower case, over 8 characters and also be gibberish.
> Obviously there must be a balance between strength and using a password that
> is at least memorable.
>
> Not being a security expert, would anyone tell me how secure an 8 character
> password would be consisting of numbers, upper and lower case letters and is
> just gibberish, thus not prone to dictionary attacks.
#################################
A dictionary attack only uses words in the dictionary, so if numbers and
other symbols are included, a dictionary attack is worthless. I've cracked
many passwds using John The Ripper and I never used wordlists.
john -i passwd_file
That's it.
Of course most of those were dictionary passwds, some were pretty funny like
user frog, passwd leap, stupid things like that.
donnie
#################################
> Doing the math, I see 62*62*62*62*62*62*62*62=218,340,105,584,896
> combinations.
>
> How long would it take to crack a password of this complexity by brute
> force?
>
> Thank you
>
#######################################
Brute force is another story. If a passwd is strong, it could take forever
but that's when you move on to the next file or look for a weaker entry
point.
donnie.
Posted by Robert on January 22, 2006, 1:19 pm
On Sat, 21 Jan 2006 23:59:22 +0000, Joseph wrote:
> I've read the literature about having strong passwords that contain numbers,
> symbols, upper and lower case, over 8 characters and also be gibberish.
> Obviously there must be a balance between strength and using a password that
> is at least memorable.
I always tell people to forget about using words for their passwords, use
phrases.
For example;
When It Rains It Pours But When The Sun Comes Out It's Warm
A Bird In The Hand Is Better Than Two In The Tree
Then use only the first letter of every word
thus having;
wiripbwtscoiw
abithibttitt
Then swap letters for numbers;
a=4 e=3 i=1 o=0 s=8 p=9 l=7
would translate to;
w1r19bwtsc01w
4b1th1bttb1tt
Other possible flips could be to use the number in place of the word, i.e.,
one=1, four=4 and so on.
You could also use the '&' in place of the word 'and'.
You can make the flip anything you want but make it so that you will
remember what that flip is. Then add punctuation as needed.
Password generators are good too, and their passwords have no reason behind
them, and this makes them good, but it also makes it harder to remember them.
Also never use short phrases. At least 10 letters long. 15 or more is
even better.
There is no such thing as an uncrackable password. Given enough time all
passwords can and will be cracked. We just have to make it harder for the
cracker and hope that he will be caught before he can crack the password.
--
Regards
Robert
Smile... it increases your face value!