On Thu, Jul 1, 2010 at 12:53 PM, Tilghman Lesher <[email protected]> wrote:
> That would only be true if you used random characters in your 17-character
> passphrase. In fact, English text has somewhere between 0.6 and 1.5 bits of
> randomness per letter, whereas an SHA1sum has no more than 4 bits of
> randomness per letter. Let's assume the higher number of randomness for
> your English text, which gives us 1.5 * 17, which is 25.5 bits of randomness.
> Note that the prefix 3 characters have ZERO randomness per character, as they
> are deterministic from the extension. That gives an even less 21 bits of
> randomness. SHA1 cryptographic sums have no more than 160 bits of randomness.
>
> I say "no more than", because, given knowledge of the algorithm used to
> determine passwords, the sum is reduced to the number of bits of randomness in
> the source material. You cannot generate randomness by applying a
> deterministic algorithm. However, given that the source material for the hash
> sum is of a smaller bit strength than the comparative strength of the hash
> algorithm, your difficulty of guessing the password is not reduced any by
> using the hash algorithm for generative purposes.

With this in mind, I'll be sure to forge my passwords from Chinese text from now on.
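The entropy argument in the quoted message, worked as an added example that is not part of the original thread: it totals the per-character estimates and then shows that hashing a small source space yields an equally small guess space, however long the digest looks. The `derive` scheme, the sample prefix and the sample phrases are constructed assumptions, not the poster's actual setup.

```python
import hashlib
import math
from itertools import product

def source_bits(segments):
    """Sum entropy over (num_chars, bits_per_char) segments of the source text."""
    return sum(n * bits for n, bits in segments)

def effective_bits(segments, hash_bits=160):
    """Hashing is deterministic, so the output never holds more than the source."""
    return min(source_bits(segments), hash_bits)

def derive(prefix, phrase):
    """Hypothetical scheme: password = SHA-1 hex digest of prefix + phrase."""
    return hashlib.sha1((prefix + phrase).encode()).hexdigest()

def apparent_bits(hex_password):
    """What the password looks like it holds: 4 bits per hex character."""
    return 4 * len(hex_password)

def guess_space_bits(prefixes, phrases):
    """Search space for someone who knows the scheme: log2 of distinct outputs."""
    outputs = {derive(p, w) for p, w in product(prefixes, phrases)}
    return math.log2(len(outputs))

# Figures from the quoted message: 3 deterministic prefix characters plus
# 14 characters of English text at the upper estimate of 1.5 bits each.
THREAD_SEGMENTS = [(3, 0.0), (14, 1.5)]

# Constructed sample data: one known extension prefix, eight candidate phrases.
SAMPLE_PREFIXES = ["100"]
SAMPLE_PHRASES = [
    "open the door", "call me later", "voice mail box", "front desk line",
    "sales team one", "night service", "conference room", "main office fax",
]

if __name__ == "__main__":
    pw = derive(SAMPLE_PREFIXES[0], SAMPLE_PHRASES[0])
    print("thread estimate (bits):", effective_bits(THREAD_SEGMENTS))
    print("apparent bits of one digest:", apparent_bits(pw))
    print("actual guess space (bits):",
          guess_space_bits(SAMPLE_PREFIXES, SAMPLE_PHRASES))
```
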
