You brute!!! (brute force attacks)
Rasjid Wilcox
rasjidw "at" openminddev.net
Thu Feb 26 07:14:00 2004
On Thursday 26 February 2004 15:13, John E. Peterson wrote:
> I thought of that this morning too. But you forgot something important.
> NUMBERS are allowed too.
>
> So it is a password that is up to 8 characters long using a set of 36, not
> 26! (36^8)

No, I didn't forget. I was just setting a baseline for a genuinely random 8
character password. If you use all readily accessible characters on the
standard qwerty keyboard, you are looking at (2*46)^8 combinations.
[a-z,0-9,-=[]\;',./ plus all the same shifted]. This comes to
5,132,188,731,375,616 or a bit over 5 thousand trillion combinations.

> What'cha wanna bet that 95% of the passwords are made up of maybe a couple
> thousand different words though.

No bets from me on that one. Even if one assumes that there are 20,000 words
or word-like combinations commonly used as passwords, these can be
brute-forced in a few days.

This is why the 'take the first letter from a phrase' (i.e., password would be
'ttflfap') approach to passwords is generally seen as a more secure approach
for memorable password creation, although I believe that the 'randomness'
generated from grammatically correct phrases is still relatively low.

Cheers,
Rasjid.
--
Rasjid Wilcox
Canberra, Australia (UTC +11 hrs)
http://www.openminddev.net
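
Added example, not part of the original post or its author's code: a comparison in bits of the search spaces discussed in the message above, including a rough entropy estimate for the first-letter-of-a-phrase scheme. The function names and the sample phrases are constructed for illustration; a meaningful estimate would need a large text corpus.

```python
import math
from collections import Counter

# Figures taken from the thread above.
LOWER, ALNUM = 26, 36      # a-z; a-z plus 0-9
QWERTY = 2 * 46            # 46 keys, each unshifted and shifted
WORDLIST = 20_000          # the post's assumed count of common password words

# Constructed sample phrases (not real data); a real estimate needs a large corpus.
SAMPLE_PHRASES = [
    "take the first letter from a phrase",
    "the quick brown fox jumps over the lazy dog",
    "to be or not to be that is the question",
    "it was the best of times it was the worst of times",
    "all that glitters is not gold",
]

def keyspace(alphabet_size, length):
    """Candidates of exactly `length` symbols drawn uniformly from the alphabet."""
    return alphabet_size ** length

def bits(n):
    """Size of a search space expressed in bits."""
    return math.log2(n)

def acronym(phrase):
    """Password built from the first letter of each word."""
    return "".join(w[0].lower() for w in phrase.split() if w[0].isalpha())

def first_letter_entropy(phrases):
    """Shannon entropy, in bits per character, of word-initial letters.
    Words are treated as independent; grammar would lower the figure further."""
    counts = Counter("".join(acronym(p) for p in phrases))
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def compare(length=8):
    """Effective strength in bits of each scheme for a `length`-character password."""
    return {
        "random a-z": bits(keyspace(LOWER, length)),
        "random a-z0-9": bits(keyspace(ALNUM, length)),
        "random qwerty": bits(keyspace(QWERTY, length)),
        "phrase acronym": length * first_letter_entropy(SAMPLE_PHRASES),
        "common word": bits(WORDLIST),
    }

if __name__ == "__main__":
    for scheme, b in compare().items():
        print(f"{scheme:15s} {b:5.1f} bits")
```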