On 4/16/2011 8:40 AM, AJ ONeal wrote:
> This is near and dear to my heart so I had to evangelize:
> http://www.baekdal.com/tips/password-security-usability
I have some problems with his writeup.

First, there's no reference to entropy, the key to search spaces. Anyone who's anyone that knows anything about password security should at least give the definition of information entropy. As a result, taking his example of a three-common-word password, "this is fun" comes to a total of 51 bits of entropy. This search space will turn out about 350 trillion combinations. I have hardware at work that can chew through about 4 million passwords per second with John the Ripper. That's only 2 years, a far cry from the 2,357 years he claims. Call me skeptical. Further, that's assuming I don't have access to a "dictionary" of common idioms and phrases, along with "1337" speak alternatives.

Second, look at his other claim for six-character common words. He claims it will take 3 minutes to brute force, but looking at the entropy sizes of each password, and the unique number of combinations the search space holds, I'm coming up with times well under a minute, not the three minutes he claims.

Lastly, he doesn't say how he arrives at these numbers. No hardware references, no software references, just claims. Again, just using John the Ripper on some spare hardware at work, I'm getting numbers that don't line up by leaps and bounds with his claims.

I guess I would take that article with a very, very small grain of salt.

-- 
. O . O . O . . O O . . . O . . . O . O O O . O . O O . . O O O O . O . . O O O O . O O O
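As an added worked example (not part of the original post, the linked article, or any tool named in the thread), the arithmetic behind the entropy and search-space reasoning in the message: bits from the number of choices per pick and the number of picks, the resulting number of candidates, and the time to exhaust them at a given guess rate. The "350 trillion combinations" and "4 million passwords per second" are the figures quoted in the message; the 2^17-word dictionary, the 10,000-entry idiom list, and the 26-letter alphabet are assumptions chosen here for illustration.

```python
import math

# Figures quoted in the message (used as inputs, not derived here).
SEARCH_SPACE_FROM_MESSAGE = 350_000_000_000_000   # "about 350 trillion combinations"
GUESSES_PER_SECOND = 4_000_000                      # "about 4 million passwords per second"

# Assumed values for illustration only (not from the message or the article).
ASSUMED_DICTIONARY_WORDS = 2 ** 17    # ~131k words; three uniform picks give exactly 51 bits
ASSUMED_IDIOM_LIST_SIZE = 10_000      # size of a hypothetical list of common phrases
LOWERCASE_ALPHABET = 26

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(choices_per_pick: int, picks: int) -> float:
    """Entropy in bits of `picks` independent, uniformly random picks from
    `choices_per_pick` options (e.g. 3 words drawn from a 131,072-word list)."""
    return picks * math.log2(choices_per_pick)


def search_space(bits: float) -> float:
    """Number of candidates that `bits` of entropy forces an attacker to cover."""
    return 2.0 ** bits


def seconds_to_exhaust(space: float, rate: float) -> float:
    """Worst case: every candidate is tried before the last one succeeds."""
    return space / rate


def seconds_expected(space: float, rate: float) -> float:
    """Average case: the correct candidate turns up halfway through the space."""
    return space / (2.0 * rate)


def to_years(seconds: float) -> float:
    return seconds / SECONDS_PER_YEAR


def passphrase_estimate(choices_per_pick: int, picks: int, rate: float) -> dict:
    """Bits, candidate count, and worst/average-case years for a secret built
    from `picks` uniform draws, attacked at `rate` guesses per second."""
    bits = entropy_bits(choices_per_pick, picks)
    space = search_space(bits)
    return {
        "bits": bits,
        "combinations": space,
        "years_full": to_years(seconds_to_exhaust(space, rate)),
        "years_expected": to_years(seconds_expected(space, rate)),
    }


def phrase_from_list_estimate(list_size: int, rate: float) -> dict:
    """The message's "dictionary of common idioms" point: a phrase picked from a
    known list of `list_size` entries is worth log2(list_size) bits, no matter how
    many words or characters it contains."""
    return passphrase_estimate(list_size, 1, rate)


if __name__ == "__main__":
    quoted = to_years(seconds_to_exhaust(SEARCH_SPACE_FROM_MESSAGE, GUESSES_PER_SECOND))
    print(f"350 trillion candidates at 4M/s, full exhaustion: {quoted:.2f} years")

    words = passphrase_estimate(ASSUMED_DICTIONARY_WORDS, 3, GUESSES_PER_SECOND)
    print(f"3 words from {ASSUMED_DICTIONARY_WORDS} (assumed): {words['bits']:.1f} bits, "
          f"{words['combinations']:.3e} candidates, {words['years_full']:.1f} years worst case")

    idiom = phrase_from_list_estimate(ASSUMED_IDIOM_LIST_SIZE, GUESSES_PER_SECOND)
    print(f"1 idiom from a {ASSUMED_IDIOM_LIST_SIZE}-entry list (assumed): {idiom['bits']:.1f} bits, "
          f"{seconds_to_exhaust(idiom['combinations'], GUESSES_PER_SECOND):.4f} s worst case")

    letters = passphrase_estimate(LOWERCASE_ALPHABET, 6, GUESSES_PER_SECOND)
    print(f"6 random lowercase letters: {letters['bits']:.1f} bits, "
          f"{seconds_to_exhaust(letters['combinations'], GUESSES_PER_SECOND):.0f} s worst case")
```

The point the functions make explicit is that the guess rate and the entropy are the only two inputs that matter: a time-to-crack figure quoted without both is unverifiable, which is the objection the message raises.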
--------------------
BYU Unix Users Group http://uug.byu.edu/
The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
