POV-Ray: Newsgroups: povray.off-topic: Password difficulty: Re: Password difficulty

POV-Ray : Newsgroups : povray.off-topic : Password difficulty : Re: Password difficulty		Server Time 29 Jul 2024 14:19:26 EDT (-0400)

From: Orchid XP v8
Date: 11 Aug 2011 14:27:23
Message: <4e441f0b$1@news.povray.org>

On 11/08/2011 07:17 PM, Jim Henderson wrote:
> On Thu, 11 Aug 2011 09:09:01 +0100, Invisible wrote:
>
>> Personally, I think the most /realistic/ way to gauge password strength
>> is to see how long it takes real, commonly-available password crackers
>> to break your password. After all, /that/ is what most unsophisticated
>> attackers are going to use against you.
>
> Arguably that's the most accurate way, but not the most realistic way.
> It wouldn't be realistic to run a prospective password through each one
> of those tools when setting the password.

You don't think so?

I think that if you type a password and a cracker can guess it in under 
30 seconds, you should definitely pick a different password. But maybe 
that's just me...

> In addition, if you've got rainbow tables-based cracking, as long as the
> tables extend to the length of the password (and take into account the
> appropriate factors for the password algorithm, naturally), then the
> cracking time is linear no matter what the complexity of the password is
> - which would be both unrealistic and inaccurate as a measure, because
> the hashes are precomputed.

On the other hand, salting the password trivially defeats rainbow tables.

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*

Post a reply to this message