Free Republic
Browse · Search 		News/Activism
Topics · Post Article

To: Timesink
Assuming the numbers in the article...

This only speeds things up by a factor of 10,000, so a brute-force attack would only take about 14 hours.  That may seem much longer but a password that can be brute-force cracked in 14 hours stinks big time  And since the attacks can be done away from the target computer, what's the hurry?

Salting passwords does slow down the storage/time tradeoff attacks, but does zilch against the brute-force attack - the same password still takes only 14 hours to crack against Unix.

Does anyone know how much salt Unix uses these days? It believe it used to be only 12 bits. If that is the case now, 12 bits of salt only retard things by a factor of 4096. That could be a crack in 6 hours instead of 5 seconds with the same storage,  a crack in 5 seconds with about 4000 GB, or a crack in 100 seconds with only about 200GB.

There is no technology to make a short password secure. Use a long password whether or not they make you.
56 posted on 07/22/2003 10:45:36 PM PDT by Russian Sage
[ Post Reply | Private Reply | To 1 | View Replies ]

To: Russian Sage
"There is no technology to make a short password secure."

So how many digits are in your ATM password?!

62 posted on 07/22/2003 10:48:29 PM PDT by Southack (Media bias means that Castro won't be punished for Cuban war crimes against Black Angolans in Africa)
[ Post Reply | Private Reply | To 56 | View Replies ]

Free Republic
Browse · Search 		News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson