Michael Kjörling <2695bd53d...@ewoof.net> wrote on 20/03/2024 at 16:16:41+0100:
> On 20 Mar 2024 15:45 +0100, from p...@debian.org (Pierre-Elliott Bécue):
>>> it should be like 32 symbols with special symbols? Or this paragraph
>>> in a handbook is rather paranoid?
>>
>> It's not paranoid.
>
> For 82 symbols (mixed-case alphanumeric plus 20 special characters),
> 32 characters is equivalent to about 203 bits. (82^32 ~ 2^203 or,
> expressed differently, log_2(82^32) ~ 203.)
>
> At a rate of 2^50 guesses per second, that will take about 3.6*10^38
> _years_ to go through. A widely agreed-upon figure for the age of the
> universe is around 1.4*10^10 years. Therefore such a password would
> take, very roughly, 10^28 times the age of the universe to brute
> force.
>
> Of course, with only 32 characters actually chosen, the character set
> size can in principle be reduced to 32, yielding 32^32 = 2^160
> possibilities. At the same rate, that would take about 4.1*10^25
> years; a measly 10^15 times the age of the universe.
>
> I sincerely doubt that guessability of such a password will be the
> weak link in overall system security.

I'm referring to the paragraph in the handbook, not the 32 random character password.

--
PEB