length of pw
in [Cryptography]
|
Prev: Call for papers: ISP-10, Orlando, USA, July 2010
Next: Question about polymorphic encryption used by some company
From: bmearns on 24 Feb 2010 13:28 On Feb 24, 12:12 pm, "J.D." <degolyer...(a)yahoo.com> wrote: > > So are you saying you could hack into my gmail account. by all means, > > please do. > > Do NOT do as this troll requests. Hacking email accounts without the > permission of the account-holder is a felony in most jurisdictions, > and there is no way to authenticate whether or not this person is in > fact the account-holder. I wouldn't think of it, but thanks for looking out. =) -Brian
From: bmearns on 24 Feb 2010 13:34 On Feb 24, 12:09 pm, Gomar <rompho...(a)gmail.com> wrote: > On Feb 23, 9:18 pm, g...(a)nope.ucsd.edu (Greg Rose) wrote: > > > >... > > >5 - 931151402 - 3 years, 7 months > > > >beyond 5, number of combinations get ridiculous, much higher > > >than the age of the universe. > > > No, actually, it goes up by a factor of 62 for > > each character, so 6 is about 183 years. Not exactly the age of the universe. > > I said number of >COMBINATIONS< ... not how long it takes. Age of the universe measured in what? Comparing numbers that measure different things is meaningless. The number of hairs on my head is greater than the age of the universe measured in billion-year periods, but less than the age of the universe measured in seconds. It's irrelevant how many combinations there are, what matters is how long it takes to crack them. > No number can be higher than the age of the universe, which is about > 15billion years old. So 16 billion isn't higher than 15 billion? Weird. > > From Winzip's help file: "In fact, taking maximum advantage of the > full strength of AES encryption requires a password of approximately > 32 characters for 128-bit encryption" > > Thus, 32 characters is how many combinations, and how long would it > take to crack? Are very large number of combinations and a very long time, which is why 32 characters is quite secure. 5 characters are not. > How would you memorize 32 characters at all? Just because it's difficult doesn't mean it's not important. If you don't have the mental capacity to remember your own password, then write it down somewhere secure. If your attacker has access to whatever secure location you keep your password in (like your wallet or your house, for instance), you've probably got bigger things to worry about anyway. They're as likely to beat you with a 5$ wrench as they are to try to steal your password.
From: bmearns on 24 Feb 2010 13:38 On Feb 24, 11:53 am, Gomar <rompho...(a)gmail.com> wrote: > So are you saying you could hack into my gmail account. by all means, > please do. > I do use 5 character pw so I could easily remember it. START... I'm saying that you've made it significantly easier than it should be for someone to break into your gmail account. It would take a significant effort, but is most likely feasible. I have no intention of trying, but the fact that you're announcing to the entire world that you've crippled the authentication process by using such a weak process is more foolish than the act itself. -Brian
From: rossum on 24 Feb 2010 13:42 On Wed, 24 Feb 2010 09:09:24 -0800 (PST), Gomar <romphotog(a)gmail.com> wrote: >How would you memorize 32 characters at all? Memorise a poem with 16 lines. Use the first and last character of each line in a predetermined order. `Twas brillig, and the slithy toves Did gyre and gimble in the wabe: All mimsy were the borogoves, And the mome raths outgrabe. Gives: ':A.A,Ds in one possible order. rossum
From: unruh on 24 Feb 2010 14:01
On 2010-02-24, Gomar <romphotog(a)gmail.com> wrote: > On Feb 23, 9:18?pm, g...(a)nope.ucsd.edu (Greg Rose) wrote: >> >... >> >5 - 931151402 - 3 years, 7 months >> >> >beyond 5, number of combinations get ridiculous, much higher >> >than the age of the universe. >> >> No, actually, it goes up by a factor of 62 for >> each character, so 6 is about 183 years. Not exactly the age of the universe. > > I said number of >COMBINATIONS< ... not how long it takes. > No number can be higher than the age of the universe, which is about > 15billion years old. > > From Winzip's help file: "In fact, taking maximum advantage of the > full strength of AES encryption requires a password of approximately > 32 characters for 128-bit encryption" > > Thus, 32 characters is how many combinations, and how long would it > take to crack? 2^128 Depends. If it is by exhaustive search, 2^127 attempts. > How would you memorize 32 characters at all? > |