Le 29/07/2011 17:36, Invisible nous fit lire :
> http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html
> 
> "Can we break your password with our GPUs?"
> 
> 
> 
> To quote Bob the builder, "yes we can!"
> 
> Perhaps the surprising thing is that (say) a 6-character password
> doesn't look all that secure, and yet an 12-character password appears
> to be utterly unbreakable. Password security does not scale linearly
> with password size. It scales exponentially.
> 
> Also, the whole analysis seems to be concerned with "all possible
> combinations". That isn't how real humans write passwords. So I'd say
> all their security predictions are more than a tad optimistic!

And since the time the algorithm of the password cypher was made, some
people have made rainbow book. No more need to crack the password, just
look in the book for a matching salted result.

(remember, 8 significant characters... way too short against rainbow
book!). That's for your account's password.

password for archive... I guess some clear text can be guessed, which
means that simplistic approach like XOR is dead for now.
aes-128/256 should be fine, but either the random key is protected by
the password and it must be stored or the password might have some weak
bits (like ascii never set bit 7...) and the password must be
"compressed" to remove somehow these weak bits (ala DES : 8 chars, but
only 56 bits of entropy)

Post a reply to this message