Aaron,

You can't make 4 million attempts a second.

How can you use John the Ripper to get into any of these?

   - computer
   - VPS (through ssh)
   - blogspot account
   - email
   - bank account
   - windows 7 activation code


If you have physical access to my machine, you don't need John the Ripper.
Just pop in a boot CD.


All logins are done online these days.
On an unprotected system where you're the only user and the site is using an
evented webserver you'll be lucky to get 20,000.

AJ ONeal

On Mon, Apr 25, 2011 at 12:50 PM, Aaron Toponce <[email protected]> wrote:

> On 4/16/2011 8:40 AM, AJ ONeal wrote:
> > This is near and dear to my heart so I had to evangelize:
> > http://www.baekdal.com/tips/password-security-usability
>
> I have some problems with his writeup.
>
> First, there's no reference to entropy, the key to search spaces. Anyone
> who's anyone that knows anything about password security should at
> least give the definition of information entropy.
>
> As a result, taking his example of a three-common-word password "this is
> fun" comes to a total of 51 bits of entropy. This search space will turn
> out about 350 trillion combinations. I have hardware at work that can
> chew through about 4 million passwords per second with John the Ripper.
> That's only 2 years, a far cry from 2,357 years he claims. Call me
> skeptical. Further, that's assuming I don't have access to a
> "dictionary" of common idioms and phrases, along with "1337" speak
> alternatives.
>
> Second, look at his other claim for six-character common words. He
> claims it will take 3 minutes to brute force, but looking at the entropy
> sizes of each password, and the unique number of combinations the search
> space holds, I'm coming up with times well under a minute, not the three
> minutes he claims.
>
> Lastly, he doesn't claim how he arrives at these numbers. No hardware
> references, no software references, just claims. Again, just using John
> the Ripper on some spare hardware at work, I'm getting numbers that
> don't line up by leaps and bounds with his claims.
>
> I guess I would take that article with a very, very small grain of salt.
>
> --
> . O .   O . O   . . O   O . .   . O .
> . . O   . O O   O . O   . O O   . . O
> O O O   . O .   . O O   O O .   O O O
>
>
> --------------------
> BYU Unix Users Group
> http://uug.byu.edu/
>
> The opinions expressed in this message are the responsibility of their
> author.  They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
> ___________________________________________________________________
> List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
>
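A worked version of the search-space arithmetic the two messages argue over, added here as an example; it is not code from either poster. The guess rates are the ones quoted in the thread (4 million/second offline with John the Ripper against captured hashes, 20,000/second as the optimistic online figure), and the word-list sizes of 1,000 and 10,000 words are assumptions standing in for whatever dictionary an attacker actually holds.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Guess rates taken from the thread (assumed representative, not measured here).
OFFLINE_RATE = 4_000_000   # John the Ripper against a captured hash file
ONLINE_RATE = 20_000       # optimistic guess rate against a live web login


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret of `length` symbols drawn uniformly from `alphabet_size`.

    For a passphrase the "alphabet" is the word list and `length` the word count;
    for a character password it is the character set and the character count.
    """
    return length * math.log2(alphabet_size)


def search_space(alphabet_size: int, length: int) -> int:
    """Number of candidates the attacker must be prepared to try (2 ** entropy)."""
    return alphabet_size ** length


def time_to_exhaust(space: int, guesses_per_second: float) -> dict:
    """Worst-case time to try every candidate, plus the expected time (half the space)."""
    worst = space / guesses_per_second
    return {
        "worst_seconds": worst,
        "expected_seconds": worst / 2,
        "worst_years": worst / SECONDS_PER_YEAR,
        "expected_years": worst / 2 / SECONDS_PER_YEAR,
    }


def passphrase_report(wordlist_size: int, words: int, guesses_per_second: float) -> dict:
    """Entropy, search space and crack time for `words` words from a list of `wordlist_size`."""
    space = search_space(wordlist_size, words)
    return {"bits": entropy_bits(wordlist_size, words), "space": space,
            **time_to_exhaust(space, guesses_per_second)}


if __name__ == "__main__":
    # Aaron's own figure: 350 trillion candidates at 4 million/second.
    t = time_to_exhaust(350_000_000_000_000, OFFLINE_RATE)
    print(f"350 trillion @ 4M/s: worst {t['worst_years']:.2f} y, expected {t['expected_years']:.2f} y")

    # "this is fun" as three words; the list sizes are assumed, not measured.
    for wordlist in (1_000, 10_000):
        for label, rate in (("offline", OFFLINE_RATE), ("online", ONLINE_RATE)):
            r = passphrase_report(wordlist, 3, rate)
            print(f"3 words from {wordlist:>6} ({label:7s}): {r['bits']:.1f} bits, "
                  f"{r['space']:,} candidates, worst {r['worst_seconds']:,.0f} s "
                  f"({r['worst_years']:.3f} y)")

    # Six lowercase letters, the other case discussed.
    r = time_to_exhaust(search_space(26, 6), OFFLINE_RATE)
    print(f"26^6 @ 4M/s: worst {r['worst_seconds']:.1f} s")
```

The offline and online rows differ by a factor of 200 for the same password, which is the whole disagreement between the two messages: the entropy of the secret is fixed, but the time to exhaust it depends entirely on where the attacker gets to make guesses. A dictionary of idioms and phrases, as Aaron notes, shrinks the effective word list and therefore the space, so the assumed list sizes here are an upper bound on what a real attack would have to cover.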
