:>: -----Original Message-----
:>: From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Costin Enache
:>: Sent: Sunday, September 01, 2013 12:04 PM
:>: To: IBM-MAIN@LISTSERV.UA.EDU
:>: Subject: Re: RACF Database protection
:>:
:>: Small clarification: The usage of password phrases instead of passwords does not
:>: increase the complexity of a brute-force attack against the encrypted hashes,
:>: in case the RACF DB gets compromised (flawed / insecure DES implementation).
:>: The time required for recovering a 16-byte password phrase is two times the time
:>: required for an eight-byte password, for a 24-byte phrase three times, etc.
:>: (the required time does not increase exponentially, as expected).

I must be missing something. A brute force attack on a one byte password must be prepared for 256 attempts. The same attack on a two byte password must be prepared for 65,536 attempts which is significantly more than the 512 you suggest. How is the increase not exponential?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
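The two cost models in this exchange, as an added example that is not part of the thread: search cost is exponential in length when a secret is verified as one unit, and only additive when each fixed-size block can be verified independently, which is the behaviour the quoted message attributes to phrase storage. The SHA-256 stand-in hash, the four-letter alphabet and the 2-character block are assumptions chosen to keep the run instant; this is not RACF's algorithm, and whether RACF behaves this way is the quoted poster's claim.

```python
import hashlib
from itertools import product

ALPHABET = "abcd"  # constructed toy alphabet (assumption)
BLOCK = 2          # toy block size standing in for the 8-byte blocks in the thread

def toy_hash(text):
    """Stand-in one-way function (assumption, NOT the RACF algorithm)."""
    return hashlib.sha256(text.encode()).hexdigest()

def store_whole(secret):
    """Model A: one verifier covering the entire secret."""
    return toy_hash(secret)

def store_blocks(secret):
    """Model B: one verifier per block, each checkable on its own."""
    return [toy_hash(secret[i:i + BLOCK]) for i in range(0, len(secret), BLOCK)]

def worst_case_whole(length):
    return len(ALPHABET) ** length                       # exponential in length

def worst_case_blocks(length):
    return (length // BLOCK) * len(ALPHABET) ** BLOCK    # linear in block count

def search_whole(target, length):
    """Count candidates tried until the whole-secret verifier matches."""
    for attempts, cand in enumerate(product(ALPHABET, repeat=length), start=1):
        if toy_hash("".join(cand)) == target:
            return "".join(cand), attempts
    return None, worst_case_whole(length)

def search_blocks(targets):
    """Count candidates tried when every block is searched separately."""
    recovered, attempts = "", 0
    for target in targets:
        for cand in product(ALPHABET, repeat=BLOCK):
            attempts += 1
            if toy_hash("".join(cand)) == target:
                recovered += "".join(cand)
                break
    return recovered, attempts

if __name__ == "__main__":
    for secret in ("dd", "dddd", "dddddd"):  # constructed worst-case secrets
        _, whole = search_whole(store_whole(secret), len(secret))
        _, blocks = search_blocks(store_blocks(secret))
        print(f"len={len(secret)}  whole-secret tries={whole}  per-block tries={blocks}")
```

Under model A each added block multiplies the work by the block keyspace; under model B it only adds one more block search, so a storage format keeps the exponential benefit of length only if no block can be checked in isolation.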