Hello Mica,

Friday, September 24, 2004, 3:24:06 PM, you wrote:

> You never know until you try. :grin:

> Thomas said they already have some "enhanced" dictionary attack
> techniques, which would crack such passwords in a shorter time than
> before, but I haven't tested any.

I think Thomas refers to what I know as morphing attacks.
Indeed such an attack could be faster if the word is only slightly
changed, like w!nd. But when the word gets mutilated enough a morphing
attack won't have much success. It just becomes a brute force attack.

Just download one of the many RAR password crackers as a test.
1-4 chars is very fast; 5 chars gets hard. And on 6 chars we are already
talking about weeks. Using only chars found on the keyboard there are
about 102 different chars. That means that breaking it takes 102x
longer for every char added.

BTW lots of software just waits a second before it processes the
entered password. That means only 1 password per second will be
tested, no matter how fast the hardware is.

Using some Alt+... chars greatly increases the entropy of a password.
° = alt+248 or ƒ = alt+159, all typed on the numeric keypad and easy to
remember.

Personally I have a list with passwords like th798*3%5ƒ#ö%
No way I can remember them but you can store them in bookmark
programs. So you have to remember just one password. Or use an
electronic key.
PGP supports several electronic keys and even biometrics IIRC.
An electronic key is just a little USB key that fits on your key ring
(a real key ring like the one you keep your car keys on).
Stick it in a USB slot and PGP will detect it and open the key ring.
Nothing to remember and very high entropy passwords. Enough to match
the security of PGP itself. They cost around USD 30.

-- 
Tony 
Why isn't there mouse-flavored cat food? 


________________________________________________
Current version is 3.00.00 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html
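
The keyspace arithmetic in the message above, as an added example that is not part of the original e-mail: it estimates entropy and worst-case exhaustive-search time from the 102-character keyboard alphabet and the one-test-per-second delay the message mentions. The 128-character extended set and the offline guess rate are assumptions made for illustration, and all function names are hypothetical.

```python
import math

KEYBOARD_CHARS = 102  # figure quoted in the message above
EXTENDED_CHARS = 128  # assumption: Alt+128..Alt+255 typed on the numeric keypad

def alphabet_size(password):
    """Alphabet a blind search must cover: keyboard chars, plus the
    extended set as soon as one non-ASCII char appears."""
    has_extended = any(ord(c) > 126 for c in password)
    return KEYBOARD_CHARS + (EXTENDED_CHARS if has_extended else 0)

def keyspace(alphabet, length):
    """Candidates of every length from 1 up to `length`."""
    return sum(alphabet ** n for n in range(1, length + 1))

def entropy_bits(alphabet, length):
    """Bits of entropy if every char is picked at random from the alphabet."""
    return length * math.log2(alphabet)

def worst_case_seconds(alphabet, length, guesses_per_second):
    """Time to try every candidate up to `length` at a fixed guess rate."""
    return keyspace(alphabet, length) / guesses_per_second

def humanize(seconds):
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    THROTTLED = 1        # one test per second, as described in the message
    OFFLINE = 1_000_000  # constructed rate, not a measurement of any tool
    print("len  bits  throttled        offline (assumed)")
    for n in range(1, 9):
        print(f"{n:>3} {entropy_bits(KEYBOARD_CHARS, n):5.1f}  "
              f"{humanize(worst_case_seconds(KEYBOARD_CHARS, n, THROTTLED)):<16} "
              f"{humanize(worst_case_seconds(KEYBOARD_CHARS, n, OFFLINE))}")
    # Constructed sample: same length, with and without Alt+ characters.
    for pw in ("th798*3%5f#o%", "th798*3%5ƒ#ö%"):
        a = alphabet_size(pw)
        print(f"{len(pw)} chars, alphabet {a}: {entropy_bits(a, len(pw)):.1f} bits")
```

These figures apply only to characters chosen at random; a dictionary word with one or two substitutions falls to a morphing attack long before an exhaustive search would reach it.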
