[153660] in North American Network Operators' Group
RE: Dear Linkedin,
daemon@ATHENA.MIT.EDU (John Souvestre)
Sun Jun 10 03:26:03 2012
From: "John Souvestre" <johns@sstar.com>
To: <nanog@nanog.org>
In-Reply-To: <4FD446CF.30008@bogus.com>
Date: Sun, 10 Jun 2012 02:25:22 -0500
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 6/10/12, Joel jaeggli <joelja@bogus.com> wrote:
> How good does a password/phrase have to be in order to protect
> against brute-force or dictionary attacks against the password itself?
> - Entropy in language.
> A typical English sentence has 1.2 bits of entropy per character,
> you need 107 characters to get a statistically random MD5 hash.
> Using totally random English characters you need 28 characters.
> Using a random distribution of all 95 printable ASCII characters you
> need 20 characters.
> - Observation, good passwords are hard to come by.
I don't disagree, except regarding dictionary attacks. If the attack
isn't random then math based on random events doesn't apply. In the
case of a purely dictionary attack, if you choose a non-dictionary word,
you are 100.000% safe. :)
John
John Souvestre - New Orleans LA - (504) 454-0899
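
The character counts in the quoted text and the dictionary-attack point in the reply, worked through as an added example that is not part of either poster's message. The four-word wordlist and the sample passwords are constructed, and scoring a dictionary hit at no more than log2(wordlist size) bits is this example's assumption.

```python
import math

MD5_BITS = 128  # output size of MD5, the hash named in the quoted text


def chars_needed(bits_per_char, target_bits=MD5_BITS):
    """Smallest length whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_char)


def uniform_bits_per_char(alphabet_size):
    """Entropy per character when every symbol is equally likely."""
    return math.log2(alphabet_size)


def effective_bits(password, alphabet_size, wordlist):
    """Search space the guesser faces, in bits.

    Length-based entropy only holds for random characters. If the
    password is in the guesser's wordlist, the search space is the
    wordlist, however long the word is (assumption of this example).
    """
    brute_force = len(password) * uniform_bits_per_char(alphabet_size)
    if password in wordlist:
        return min(brute_force, math.log2(len(wordlist)))
    return brute_force


# Constructed sample data, for illustration only.
WORDLIST = {"password", "linkedin", "letmein", "dragon"}

if __name__ == "__main__":
    print("English prose, 1.2 bits/char:", chars_needed(1.2))
    print("random letters (26):", chars_needed(uniform_bits_per_char(26)))
    print("random printable ASCII (95):", chars_needed(uniform_bits_per_char(95)))
    for pw in ("linkedin", "qzvhkwpt"):  # same length, same alphabet
        print(pw, round(effective_bits(pw, 26, WORDLIST), 1), "bits")
```

Both sample passwords are eight lowercase letters, so the length-based estimate is identical for them; only membership in the wordlist separates the two results.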