> In a brute force attack the longer password will always be better, we're
> all agreed on that, however hackers are smarter than that and will try
> dictionary and hybrid attacks first. So this is what I think the odds are
> approximately:

This is not true. For example, a password such as "DominicDaemon" or "pokemonpoison" is much less secure than a password like "g%eQ9)P".

>theusgotbeatbygermany doesn't have to be brute forced, and is susceptible
>to a dictionary attack so instead of letters the possibility is based on
>individual words which is 6, the LC4 program standard dictionary has 29000
>entries (approximately) so we're looking at 29000^6=5x10^26 A BIGGER
>NUMBER! (not to mention making it impossible to store in a LM hash)
>
>Am I missing something?

It is hashed (depending on platform and algorithm) in groups, so for example, NT LM will split the "DominicDaemon" into "Dominic" and "Daemon" and hash them separately. Running a cracker against it would therefore find very quick matches in the dictionary for Dominic and Daemon, and NOT "29000^6=5x10^26 A BIGGER NUMBER! " whereas "VX.97tf " will actually be more difficult to crack. It also comes down to the hashing algorithm so you need to know the workings behind it.
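
The splitting described in the reply above, as an added example that is not part of the original thread: a password-audit sketch that applies LM's preprocessing (uppercase, NUL-pad to 14, cut into two 7-character halves) and checks each half against a wordlist on its own. The function names, the four-word sample list and the 69-character set are assumptions made for illustration, and the halves are compared as plaintext instead of computing the DES-based hash.

```python
LM_MAX = 14   # LM covers at most 14 characters
HALF = 7      # each 7-character half is hashed on its own
CHARSET = 69  # assumption: 95 printable ASCII minus 26 lowercase letters

def lm_halves(password):
    """Return the two strings LM hashes independently, or None if the
    password is longer than 14 characters and so has no usable LM hash."""
    if len(password) > LM_MAX:
        return None
    padded = password.upper().ljust(LM_MAX, "\0")  # LM uppercases, pads with NULs
    return padded[:HALF], padded[HALF:]

def audit(password, wordlist):
    """List (half, in_wordlist, worst_case_guesses) for each non-empty half."""
    halves = lm_halves(password)
    if halves is None:
        return None
    words = {w.upper() for w in wordlist}
    report = []
    for half in halves:
        text = half.rstrip("\0")
        if not text:
            continue  # an all-NUL half always hashes to the same known value
        in_dict = text in words
        guesses = len(words) if in_dict else CHARSET ** len(text)
        report.append((text, in_dict, guesses))
    return report

def total_guesses(report):
    """Halves are attacked separately, so the costs add instead of multiplying."""
    return sum(g for _, _, g in report)

# Constructed sample wordlist, not taken from any real cracking dictionary.
SAMPLE_WORDS = ["dominic", "daemon", "pokemon", "poison"]

if __name__ == "__main__":
    for pw in ["DominicDaemon", "pokemonpoison", "g%eQ9)P", "theusgotbeatbygermany"]:
        rep = audit(pw, SAMPLE_WORDS)
        if rep is None:
            print(f"{pw!r}: longer than {LM_MAX} characters, no LM hash to attack")
        else:
            print(f"{pw!r}: {rep} total={total_guesses(rep)}")
```
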
