> From: [email protected] [mailto:[email protected]]
> On Behalf Of William J. Robbins
>
> At the end of the day if someone knows enough to bother encrypting their
> system in the first place they know to use a decent passphrase...

I must disagree. :-) I mean, :-(

Without any wrench, using a typical home PC and completely unintelligent brute force, you can get through ~ 2^43 password guesses in ~ a week. Users often times disclose their passwords voluntarily, just based on trust. And as described in http://xkcd.com/936/ most users choose "strong" passwords that they keep secret, that are guessable within the first ~ 2^28 guesses.

Equally bad, I've seen companies where IT deployed TrueCrypt whole-disk protection to all their users, with the same password. 6 characters.

Users often choose 6 or 8 char passwords ... Heck, I've systems that *don't accept* passwords longer than 8 chars. (They let you type in more than 8, but it gets truncated at 8, so "ObamaAreEvil" == "ObamaAreGreat")

Even if a 7 char password was completely random and memorized (it never is; because it's got the kid's name or dog's name or something) then it would still be 41 bits.

_______________________________________________
Tech mailing list
[email protected]
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
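
An added example, not part of the original post: an audit probe that finds how many leading characters a password store actually compares, plus the keyspace arithmetic at the post's rate of ~2^43 guesses per week. `DemoStore` is a constructed stand-in for the system under test, and the 62-symbol alphabet (letters and digits) is an assumption.

```python
import hashlib
import hmac
import math
import os

WEEK_RATE_BITS = 43  # from the post: ~2^43 guesses per week on a home PC

def random_password_bits(length, alphabet_size, max_significant=None):
    """Bits of entropy in a uniformly random password. Characters past a
    silent truncation limit contribute nothing."""
    if max_significant is not None:
        length = min(length, max_significant)
    return length * math.log2(alphabet_size)

def weeks_to_exhaust(bits):
    """Weeks needed to try every candidate at 2^43 guesses per week."""
    return 2.0 ** (bits - WEEK_RATE_BITS)

class DemoStore:
    """Constructed stand-in for the system being audited.
    limit=8 mimics the truncating systems described; limit=None keeps all."""
    def __init__(self, limit=None):
        self.limit = limit
        self._salt = os.urandom(16)
        self._digest = None

    def _hash(self, password):
        kept = password[:self.limit].encode()  # silent truncation happens here
        return hashlib.pbkdf2_hmac("sha256", kept, self._salt, 1000)

    def set_password(self, password):
        self._digest = self._hash(password)

    def check(self, password):
        return hmac.compare_digest(self._digest, self._hash(password))

def find_truncation_limit(store, probe_len=32):
    """Set a known password, then alter one position at a time. The first
    position whose change goes unnoticed is the number of significant
    characters. Returns None if every probed position matters."""
    base = "a" * probe_len
    store.set_password(base)
    for i in range(probe_len):
        altered = base[:i] + "b" + base[i + 1:]
        if store.check(altered):
            return i
    return None
```

Run the probe only against a dedicated test account, since it overwrites that account's password.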
