On 12/08/14 14:02, Mark Rotteveel wrote:
> On Mon, 08 Dec 2014 13:44:36 +0300, Alex Peshkoff <[email protected]>
> wrote:
>> Yes. For password >20 bytes sooner of all exists shorter one with same
>> hash value.
> But that is technically irrelevant.

As long as we do not talk about brute force.

> Although identical hashes are certain
> due to pigeon holing, that doesn't mean shorter passwords (or passwords
> near the hash length) are better than longer passwords. And even then,
> making the assumption that most passwords only use characters between 0x20
> and 0x7E (95 characters out of potentially 256 in a byte) then a very rough
> estimate is that identical hashes might only happen after 50 characters
> (based on 256/95 * 20 = 53.9; a calculation that a cryptologist would
> probably kill me for because it is either totally wrong or too
> conservative).
>

I've never said that passwords >20 characters are bad. Only that they are not as efficient as may seem.

Firebird-Devel mailing list, web interface at https://lists.sourceforge.net/lists/listinfo/firebird-devel
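Added example, not part of the original message or of Firebird's code: the pigeonhole counting discussed in this thread, carried through exactly for a 20-byte hash, followed by a toy enumeration with the hash truncated to one byte so the colliding passwords can actually be listed. SHA-1 is used only as a stand-in 20-byte hash, and the function names and the two-letter alphabet are assumptions made for the illustration.

```python
import hashlib
from itertools import product


def pigeonhole_length(alphabet_size: int, hash_bytes: int = 20) -> int:
    """Smallest n at which passwords of exactly n symbols outnumber hash values."""
    outputs = 2 ** (8 * hash_bytes)
    n = 1
    while alphabet_size ** n <= outputs:  # exact integer comparison
        n += 1
    return n


def toy_hash(password: str, keep_bytes: int) -> bytes:
    # SHA-1 truncated so the whole output space can be enumerated (toy only).
    return hashlib.sha1(password.encode()).digest()[:keep_bytes]


def shorter_equivalents(alphabet: str, max_len: int, keep_bytes: int = 1):
    """Enumerate passwords shortest-first over `alphabet`.

    Returns (first_seen, total, collisions) where `collisions` maps each
    password to an earlier (shorter or equal-length) password that has
    the same truncated digest.
    """
    first_seen = {}   # digest -> shortest password producing it
    collisions = {}   # later password -> earlier password, same digest
    total = 0
    for length in range(1, max_len + 1):
        for chars in product(alphabet, repeat=length):
            pw = "".join(chars)
            total += 1
            digest = toy_hash(pw, keep_bytes)
            if digest in first_seen:
                collisions[pw] = first_seen[digest]
            else:
                first_seen[digest] = pw
    return first_seen, total, collisions


if __name__ == "__main__":
    # Full byte range vs. the 95 printable characters 0x20..0x7E.
    print("threshold, 256 symbols:", pigeonhole_length(256))
    print("threshold,  95 symbols:", pigeonhole_length(95))
    first_seen, total, collisions = shorter_equivalents("ab", 8)
    print(total, "passwords,", len(first_seen), "digests,", len(collisions), "collide")
```

The threshold only says where a collision must exist; it says nothing about how hard one is to find against the full 20-byte output.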
