On Thu, 11 Aug 2011 09:09:01 +0100, Invisible wrote:
> Personally, I think the most /realistic/ way to gauge password strength
> is to see how long it takes real, commonly-available password crackers
> to break your password. After all, /that/ is what most unsophisticated
> attackers are going to use against you.

Arguably that's the most accurate way, but not the most realistic way.
It wouldn't be realistic to run a prospective password through each one
of those tools when setting the password.

In addition, if you've got rainbow tables-based cracking, as long as the
tables extend to the length of the password (and take into account the
appropriate factors for the password algorithm, naturally), then the
cracking time is linear no matter what the complexity of the password is
- which would be both unrealistic and inaccurate as a measure, because
the hashes are precomputed.

Jim