On Fri, 2005-02-04 at 12:07 +1000, Tim Fairchild wrote:
> Then something like "my silly old dog has too many fleas"
>
> msodh2mf
>
> is pretty safe by those definitions, and is easily improved like
>
> m50d#2mf

Yes, pretty hard to guess. Of course it also depends on the usage of the password. For example if someone gets a hold of the ciphertext used by this password and the encryption method is weak, then the password can be obtained by brute force.

For example the traditional Unix password encryption uses a 56 bit hashing algorithm which takes an 8 character (7 bits per character) password and generates a 13 character hashcode. Authentication is handled by taking a password and generating the hashcode and comparing them. If they match, then the password is correct. With a 56 bit hashing algorithm you can run through all password combinations in a matter of a few days with sufficient processing power.

With a longer password and a strong hashing scheme (say MD5), it takes considerably longer to find the password via a brute force method. For every additional bit of password length, it takes twice as long to generate all the combinations of passwords. So if it takes 2 days for an 8 character password (7 bits per character), it would take 128 times longer (2 ** 7) for a 9 character password which is 256 days.

Given the long time it takes for a brute force attack for long passwords even if you have the ciphertext, password cracking systems resort to heuristic methods to find likely passwords (e.g. dictionary words, pet names, spouse names, etc.). If you use passwords like that, a cracking program can find them in at most a few minutes.

--
Smoot Carl-Mitchell
System/Network Architect
email: [EMAIL PROTECTED]
cell: +1 602 421 9005
home: +1 480 922 7313
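
An added example, not part of the original message: a small password audit in Python that uses the message's own figures (7 bits per character, 2 days to cover the 8-character space) to estimate exhaustive search time, and a dictionary check to flag passwords that heuristics would find first. The function names, the word list and the substitution table are constructed for illustration.

```python
"""Password audit sketch built on the figures quoted in the message."""

BITS_PER_CHAR = 7   # from the message: 7 bits per character
REF_LENGTH = 8      # from the message: 8-character password
REF_DAYS = 2        # from the message: 2 days to cover that whole space

# Constructed sample list; a real audit would load a full dictionary.
SAMPLE_WORDS = {"password", "fleas", "rover", "dragon", "letmein"}

# Assumed table of common character substitutions, undone before lookup.
UNLEET = str.maketrans("013457@$", "oleastas")


def exhaustive_days(length):
    """Days to try every password of this length at the message's rate."""
    return REF_DAYS * 2 ** (BITS_PER_CHAR * (length - REF_LENGTH))


def falls_to_heuristics(password, words=SAMPLE_WORDS):
    """True if the password is a listed word after undoing case changes,
    character substitutions and an appended run of digits."""
    lowered = password.lower()
    candidates = {
        lowered.translate(UNLEET),
        lowered.rstrip("0123456789").translate(UNLEET),
    }
    return not candidates.isdisjoint(words)


def audit(password):
    """Return (method, days): the cheapest way the password is found."""
    if falls_to_heuristics(password):
        return ("heuristic", None)   # found by a word list, no search needed
    return ("exhaustive", exhaustive_days(len(password)))


if __name__ == "__main__":
    for pw in ("msodh2mf", "m50d#2mf", "P4ssw0rd", "Rover99", "msodh2mfx"):
        print(pw, audit(pw))
```

Under this model the substituted form m50d#2mf gets the same exhaustive estimate as msodh2mf, since both are 8 characters; substitutions only matter for whether a word-list check catches the password.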
