[153668] in North American Network Operators' Group
Re: Dear Linkedin,
daemon@ATHENA.MIT.EDU (Joel jaeggli)
Sun Jun 10 11:25:31 2012
Date: Sun, 10 Jun 2012 08:24:41 -0700
From: Joel jaeggli <joelja@bogus.com>
To: John Souvestre <johns@sstar.com>
In-Reply-To: <028701cd46da$34debd80$9e9c3880$@sstar.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 6/10/12 00:25 , John Souvestre wrote:
> On 6/10/12, Joel jaeggli <joelja@bogus.com> wrote:
>
>> How good does a password/phrase have to be in order to protect
>> against brute-force or dictionary attacks against the password
>> itself? ? Entropy in language. A typical english sentence has 1.2
>> bits of entropy per character, you need 107 characters to get a
>> statistically random md5 hash. Using totally random english
>> characters you need 28 characters. Using a random distribution of
>> all 95 printable ascii characters you need 20 characters. ?
>> Observation, good passwords are hard to come by.
>
> I don't disagree, except regarding dictionary attacks. If the attack
> isn't random then math based on random events doesn't apply. In the
> case of a purely dictionary attack if you choose a non-dictionary
> word and you are 100.000% safe. :)
the search space for 6 8 10 character passwords is entirely too small...
> John
>
> John Souvestre - New Orleans LA - (504) 454-0899
>
>
>
>
