 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html
"Can we break your password with our GPUs?"
To quote Bob the builder, "yes we can!"
Perhaps the surprising thing is that (say) a 6-character password
doesn't look all that secure, and yet an 12-character password appears
to be utterly unbreakable. Password security does not scale linearly
with password size. It scales exponentially.
Also, the whole analysis seems to be concerned with "all possible
combinations". That isn't how real humans write passwords. So I'd say
all their security predictions are more than a tad optimistic!
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le 29/07/2011 17:36, Invisible nous fit lire :
> http://www.tomshardware.com/reviews/password-recovery-gpu,2945.html
>
> "Can we break your password with our GPUs?"
>
>
>
> To quote Bob the builder, "yes we can!"
>
> Perhaps the surprising thing is that (say) a 6-character password
> doesn't look all that secure, and yet an 12-character password appears
> to be utterly unbreakable. Password security does not scale linearly
> with password size. It scales exponentially.
>
> Also, the whole analysis seems to be concerned with "all possible
> combinations". That isn't how real humans write passwords. So I'd say
> all their security predictions are more than a tad optimistic!
And since the time the algorithm of the password cypher was made, some
people have made rainbow book. No more need to crack the password, just
look in the book for a matching salted result.
(remember, 8 significant characters... way too short against rainbow
book!). That's for your account's password.
password for archive... I guess some clear text can be guessed, which
means that simplistic approach like XOR is dead for now.
aes-128/256 should be fine, but either the random key is protected by
the password and it must be stored or the password might have some weak
bits (like ascii never set bit 7...) and the password must be
"compressed" to remove somehow these weak bits (ala DES : 8 chars, but
only 56 bits of entropy)
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Invisible <voi### [at] dev null> wrote:
> Perhaps the surprising thing is that (say) a 6-character password
> doesn't look all that secure, and yet an 12-character password appears
> to be utterly unbreakable. Password security does not scale linearly
> with password size. It scales exponentially.
Why does that surprise you?
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
On 30/07/2011 09:38 AM, Warp wrote:
> Invisible<voi### [at] devnull> wrote:
>> Perhaps the surprising thing is that (say) a 6-character password
>> doesn't look all that secure, and yet an 12-character password appears
>> to be utterly unbreakable. Password security does not scale linearly
>> with password size. It scales exponentially.
>
> Why does that surprise you?
Because humans generally don't understand the exponential function.
Actually, I suspect that a 12-character password is only unbreakable if
it's 12 *random* characters. A "typical" 12-character password is
probably totally breakable!
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Orchid XP v8 <voi### [at] devnull> wrote:
> On 30/07/2011 09:38 AM, Warp wrote:
> > Invisible<voi### [at] devnull> wrote:
> >> Perhaps the surprising thing is that (say) a 6-character password
> >> doesn't look all that secure, and yet an 12-character password appears
> >> to be utterly unbreakable. Password security does not scale linearly
> >> with password size. It scales exponentially.
> >
> > Why does that surprise you?
> Because humans generally don't understand the exponential function.
I thought you had an understanding of exponential functions.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>>> Why does that surprise you?
>
>> Because humans generally don't understand the exponential function.
>
> I thought you had an understanding of exponential functions.
So did I...
--
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
