[colug-432] password survey
Chris Spackman
chris at osugisakae.com
Fri May 23 19:37:12 EDT 2014
On 2014/05/23 at 07:11pm, Bill Baker wrote:
> I don't know about that. According to howsecureismypassword.net, it
> would take a desktop PC about a tresvigintillion years to crack that
> password. Plus, Randall Munroe pointed out at http://xkcd.com/936/
> that a password consisting of four random dictionary words would
> take a long time for a computer to guess. So nine would presumably
> take even longer.

I am no expert, but I thought that with recent releases of large
numbers of real-world passwords, "heuristic brute forcing" made it
possible to break/crack even very long passwords in less than
brute-force times? The catch being that the password must be generated
by the same sorts of methods that many 'normal' people use. So a
couple of dictionary words put together can be cracked much more
quickly than a randomly generated password of the same length? I don't
think that all sites such as howsecureismypassword.net take these
factors into consideration.

ZDNet had a (so-so) article a couple of years ago about this:
http://www.zdnet.com/brute-force-attacks-beyond-password-basics-7000001740/

(Having said all that, a long password composed of unrelated words
strung together is probably much better than a short password that is
actually random.)

--
Chris Spackman
Respect is earned. Trust is gained. Loyalty is returned.
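
The point raised in the reply above, as an added example that is not part of the original post: a naive length-times-character-pool strength estimate beside one that lets the guesser cover the password with dictionary words. The sample wordlist is constructed, the 2048-word dictionary size is an assumption matching the 11 bits per word counted in xkcd 936, and the function names are hypothetical.

```python
import math
import string

# Constructed sample wordlist (assumption); real guessing dictionaries are far larger.
WORDS = {"correct", "horse", "battery", "staple", "dragon", "monkey"}
# Assumed guesser dictionary size: xkcd 936 counts 11 bits per word, i.e. 2048 words.
DICT_SIZE = 2048
POOLS = [string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation]


def charset_size(pw):
    """Size of the character pool a naive brute-force estimate assumes."""
    return sum(len(p) for p in POOLS if any(c in p for c in pw)) or 1


def naive_bits(pw):
    """Length times log2(pool): treats every character as independent and random."""
    return len(pw) * math.log2(charset_size(pw))


def word_aware_bits(pw, words=WORDS, dict_size=DICT_SIZE):
    """Cheapest cover of pw using dictionary words plus leftover single characters."""
    char_cost = math.log2(charset_size(pw))
    word_cost = math.log2(dict_size)
    best = [0.0] + [math.inf] * len(pw)       # best[i] = fewest bits to cover pw[:i]
    for i in range(1, len(pw) + 1):
        best[i] = best[i - 1] + char_cost     # cover one character by brute force
        for j in range(i):
            if pw[j:i].lower() in words:      # or cover pw[j:i] as one dictionary word
                best[i] = min(best[i], best[j] + word_cost)
    return best[-1]


if __name__ == "__main__":
    # Constructed sample passwords: four words, a word plus a digit, random letters.
    for pw in ("correcthorsebatterystaple", "dragon7", "qzvxkjwpfhtm"):
        print(f"{pw:28} naive={naive_bits(pw):6.1f} bits  "
              f"word-aware={word_aware_bits(pw):6.1f} bits")
```

The two estimates agree only when no dictionary word appears in the password; for the four-word passphrase the word-aware figure is the one that reflects how the words were chosen.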