POV-Ray: Newsgroups: povray.off-topic: Password difficulty: Re: Password difficulty

POV-Ray : Newsgroups : povray.off-topic : Password difficulty : Re: Password difficulty		Server Time 29 Jul 2024 14:22:23 EDT (-0400)

From: Jim Henderson
Date: 11 Aug 2011 14:17:28
Message: <4e441cb8$1@news.povray.org>

On Thu, 11 Aug 2011 09:09:01 +0100, Invisible wrote:

> Personally, I think the most /realistic/ way to gauge password strength
> is to see how long it takes real, commonly-available password crackers
> to break your password. After all, /that/ is what most unsophisticated
> attackers are going to use against you.

Arguably that's the most accurate way, but not the most realistic way.  
It wouldn't be realistic to run a prospective password through each one 
of those tools when setting the password.

In addition, if you've got rainbow tables-based cracking, as long as the 
tables extend to the length of the password (and take into account the 
appropriate factors for the password algorithm, naturally), then the 
cracking time is linear no matter what the complexity of the password is 
- which would be both unrealistic and inaccurate as a measure, because 
the hashes are precomputed.

Jim

Post a reply to this message