On Tuesday 05 December 2006 05:33, Mario Ruiz wrote:
> A brute force attack on a AES (aka Rijndael)/256 enc bits stream using a
> P4/1.5Ghz/512Mb Ram would take around:
>
> passwrd len: 6 chars --360 days (63 chars no caps, caps, digits,..)

Realistically, using modern hardware (e.g. what I have in my surgery), I can almost guarantee you a "next business day" 6 char password.

If people use just characters (upper/lower case) + [,.:[EMAIL PROTECTED]&*()-=+] + numbers it'll be same day.

But even if you use all possible printable ASCII characters (which hardly anyone ever does) for your 6 char password, it takes at the most 18 days assuming processing 500,000 passwords per second - a bit short of 360 days I think.

Most people considering brute force attacks have a bit more grunt than just a 1.5 GHz P4 nowadays.

However:
- if the word of the 6 char passphrase is found in an English dictionary, finding it will take less than a minute even on modest hardware
- if the password includes common mnemonics, SMS shortcuts etc - ditto.
- just upper/lower case characters, plus numbers, periods and exclamation marks: a few hours

"Brute force" nowadays usually means a last resort after "educated guesses" from long lists of potential passwords.

Horst
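
The arithmetic behind the figures in this thread, as an added example that is not part of the original message: worst-case exhaustion time for a given alphabet and guess rate, the guess rate that the quoted 360-day estimate implies, and the shortest length that outlasts a target time. The function names and the 100-year target are assumptions; dictionary and "educated guess" lists fall outside this exhaustive-search model.

```python
"""Worst-case brute-force sizing for fixed-length passwords (added example)."""

SECONDS_PER_DAY = 86_400


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet ** length


def exhaust_days(alphabet: int, length: int, guesses_per_sec: int) -> float:
    """Days needed to try every candidate (worst case; the average is half)."""
    return keyspace(alphabet, length) / guesses_per_sec / SECONDS_PER_DAY


def implied_rate(alphabet: int, length: int, days: float) -> float:
    """Guess rate (per second) that a stated exhaustion time implies."""
    return keyspace(alphabet, length) / (days * SECONDS_PER_DAY)


def min_length(alphabet: int, guesses_per_sec: int, target_days: int) -> int:
    """Shortest length whose full keyspace outlasts `target_days` of guessing."""
    budget = guesses_per_sec * target_days * SECONDS_PER_DAY  # guesses available
    length = 1
    while keyspace(alphabet, length) < budget:
        length += 1
    return length


if __name__ == "__main__":
    RATE = 500_000  # guesses/second, the figure used in the reply
    for label, alphabet in (("63-char set from the quoted estimate", 63),
                            ("all 95 printable ASCII characters", 95)):
        print(f"6 chars, {label}: {exhaust_days(alphabet, 6, RATE):.2f} days")
    print(f"360 days for 63^6 implies {implied_rate(63, 6, 360):.0f} guesses/s")
    # Assumed policy target (not from the thread): 100 years of guessing.
    print("min length, 95 chars, 100 years:", min_length(95, RATE, 100 * 365))
```
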
