>>Security Newsletters-TM wrote:
> I thought that using a dictionary is still considered brute force.

Call the set of all possible passwords the 'keyspace'. Brute force is checking the entire keyspace. Dictionaries represent 'human-friendly strings', say words easy to memorize. This is a fraction of the total keyspace.

> Where's the distinction, after the first 5000 attempts I think it's safe to
> say you're not attempting educated guesses.

Suppose we just limit ourselves to the 26 lowercase + 26 uppercase + 10 digits in our passwords. This gives 62 possibilities. If we restrict ourselves to passwords of length 8 created from this limited set of 62 characters, just as an example, this gives 62**8 (62-to-the-8th-power) possible passwords, i.e. the keyspace is of size 62**8, which is this number:

218340105584896

Of which 5000 would be an insignificant sample

Chris
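
The keyspace arithmetic in the message above, extended into a password-strength check, as an added example that is not part of the original post. The function names and the three-entry sample wordlist are assumptions made for illustration.

```python
import math
import string

# Character set from the post: 26 lowercase + 26 uppercase + 10 digits = 62.
ALPHABET = string.ascii_lowercase + string.ascii_uppercase + string.digits

# Constructed sample wordlist standing in for a dictionary of memorable strings.
SAMPLE_WORDLIST = ["letmein1", "password", "dragon99"]


def keyspace_size(length, alphabet=ALPHABET):
    """Number of distinct passwords of exactly `length` characters."""
    if length < 0:
        raise ValueError("length must be non-negative")
    return len(alphabet) ** length


def coverage(attempts, length, alphabet=ALPHABET):
    """Fraction of the keyspace touched by `attempts` distinct guesses."""
    total = keyspace_size(length, alphabet)
    return min(attempts, total) / total


def keyspace_bits(length, alphabet=ALPHABET):
    """Keyspace size expressed in bits (log2 of the number of passwords)."""
    return length * math.log2(len(alphabet))


def worst_case_guesses(password, wordlist=SAMPLE_WORDLIST, alphabet=ALPHABET):
    """Upper bound on guesses before `password` is tried, dictionary first.

    A listed password costs its rank in the wordlist; anything else costs the
    whole wordlist plus the full keyspace for its length (true brute force).
    """
    if any(ch not in alphabet for ch in password):
        raise ValueError("password uses characters outside the alphabet")
    if password in wordlist:
        return wordlist.index(password) + 1
    return len(wordlist) + keyspace_size(len(password), alphabet)


if __name__ == "__main__":
    print("keyspace for length 8:", keyspace_size(8))
    print("share covered by 5000 attempts: %.3e" % coverage(5000, 8))
    print("bits: %.2f" % keyspace_bits(8))
    for pw in ("password", "Xq7Lm2Zp"):
        print(pw, "->", worst_case_guesses(pw))
```

A password that appears in the wordlist is reached within a handful of guesses regardless of how large the keyspace for its length is, which is why a strength check should test dictionary membership as well as length and character set.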