*>> Do these calculations take into account any predicted future increase in computing power? *
Or distributed computing of current computing power? They never ever do. * * *ASB* *http://about.me/Andrew.S.Baker* *Harnessing the Advantages of Technology for the SMB market… * On Thu, Aug 11, 2011 at 11:36 AM, Ken Schaefer <k...@adopenstatic.com> wrote: > Is the maths behind this published?**** > > ** ** > > e.g. patterns in the alphabet or keyboard (asdf / abcd) should be tried > first, vs otherwise random combinations. Additionally, if a brute force > attacker started at a random point in the alphabet (e.g. starting at ‘x’) > would the same prediction be true? Do these calculations take into account > any predicted future increase in computing power? Personally, I think > there’s too many assumptions in it.**** > > ** ** > > For better password security (with the overhead of management and > repudiation), 2FA / 3FA is far more secure.**** > > ** ** > > Cheers**** > > Ken**** > > ** ** > > ** ** > > *From:* Maglinger, Paul [mailto:pmaglin...@scvl.com] > *Sent:* Thursday, 11 August 2011 11:03 PM > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > Using XxXxXxXxXxXx on GRC:**** > > ** ** > > Time Required to Exhaustively Search this Password's Space:**** > > Online Attack Scenario: > (Assuming one thousand guesses per second)**** > > 1.27 hundred million centuries**** > > Offline Fast Attack Scenario: > (Assuming one hundred billion guesses per second)**** > > 1.27 centuries**** > > Massive Cracking Array Scenario: > (Assuming one hundred trillion guesses per second)**** > > 1.52 months**** > > ** ** > > ** ** > > *From:* Webster [mailto:webs...@carlwebster.com] > *Sent:* Thursday, August 11, 2011 9:38 AM > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > Using the one from GRC:**** > > ** ** > > Time Required to Exhaustively Search this Password's Space:**** > > Online Attack Scenario: > (Assuming one thousand guesses per second)**** > > 4.58 hundred trillion trillion trillion trillion trillion centuries**** > > Offline Fast Attack Scenario: > (Assuming one hundred billion guesses per second)**** > > 4.58 million trillion trillion trillion trillion centuries**** > > Massive Cracking Array Scenario: > (Assuming one hundred trillion guesses per second)**** > > 4.58 thousand trillion trillion trillion trillion centuries**** > > ** ** > > I like my password!**** > > ** ** > > ** ** > > Carl Webster**** > > Consultant and Citrix Technology Professional**** > > http://www.CarlWebster.com <http://www.carlwebster.com/>**** > > ** ** > > ** ** > > *From:* Sean Rector [mailto:sean.rec...@vaopera.org] > *Sent:* Thursday, August 11, 2011 9:33 AM > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > One of mine gave back 5 septillion years. ;)**** > > ** ** > > Sean Rector, MCSE**** > > ** ** > > *From:* Steven M. Caesare [mailto:scaes...@caesare.com] > *Sent:* Thursday, August 11, 2011 10:25 AM > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > It would take a desktop PC > About 193 trillion years > to hack your password**** > > ** ** > > I’ll take it.**** > > ** ** > > -sc**** > > ** ** > > *From:* Martin Blackstone [mailto:mblackst...@gmail.com] > *Sent:* Thursday, August 11, 2011 10:20 AM > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > I got one year.**** > > ** ** > > *From:* Shauna Hensala [mailto:she...@msn.com] > *Sent:* Thursday, August 11, 2011 7:16 AM > > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > ** ** > > Have your users go here: http://www.howsecureismypassword.net/ > and enter their password to see how long it would take to crack. A fun > little exercise. > > [image: Red rose]Shauna Hensala**** > ------------------------------ > > From: webs...@carlwebster.com > To: ntsysadmin@lyris.sunbelt-software.com > Subject: RE: Almost, but not quite OT: Passwords > Date: Thu, 11 Aug 2011 13:43:08 +0000**** > > I changed my bed linens at the beginning of each semester whether they > needed changing or not. J**** > > **** > > **** > > Carl Webster**** > > Consultant and Citrix Technology Professional**** > > http://www.CarlWebster.com <http://www.carlwebster.com/>**** > > **** > > **** > > *From:* Crawford, Scott [mailto:crawfo...@evangel.edu] > *Sent:* Thursday, August 11, 2011 8:32 AM > *To:* NT System Admin Issues > *Subject:* RE: Almost, but not quite OT: Passwords**** > > **** > > nice. **** > > **** > > Reminds me of an old roommate, "I clean the shower every six months whether > it needs it or not."**** > > Sent from my Palm Pre on the Now Network from Sprint**** > > ** ** > ------------------------------ > > On Aug 11, 2011 7:42 AM, Webster <webs...@carlwebster.com> wrote: **** > > I change my passwords religiously every 7 years.**** > > **** > > Carl Webster**** > > Consultant and Citrix Technology Professional**** > > http://www.CarlWebster.com <http://www.carlwebster.com/>**** > > **** > > **** > > *From:* Gasper, Rick [mailto:rickgas...@kings.edu] > *Subject:* RE: Almost, but not quite OT: Passwords**** > > **** > > Crap…I now have to change my password again…**** > > **** > > *From:* Jon Harris [mailto:jk.har...@gmail.com] > *Subject:* Re: Almost, but not quite OT: Passwords**** > > **** > > If the in-house team ever got a round to it both could be kept happy but > using something like "Horses like 2 fly, like bugs like to be stepped on!" > Complex and easy to remember. How long would that take for a brute force > attack or a dictionary attack to get the password?**** > > **** > > FYI that is NOT one of my passwords!**** > > **** > > Jon**** > > On Wed, Aug 10, 2011 at 6:10 PM, Webster <webs...@carlwebster.com> wrote:* > *** > > Because the security team and or auditor are simply following a check > list. Complex passwords required – check. My job is done.**** > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin
