Sorry Ben for stepping on your turf...but I felt this apposite in this discussion. Oh, and IMHO, bringing up anything from Steve Gibson in a security discussion is on par w/Godwin's Law.
http://xkcd.com/538/ - WJR 🙈🙉🙊 On Sat, Aug 9, 2014 at 4:41 PM, Michael B. Smith <[email protected]> wrote: > Your version of impractical is different than mine. Or that of the NSA. > > > > Generating rainbow tables that contain hashes for all possible passwords > of say, 24 characters, may be computationally intractable today (and may > not be, depending on your resources), but a 95% success rate does not > require tables that contain all hashes. > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Klaus Hartnegg > *Sent:* Saturday, August 9, 2014 2:09 AM > *To:* [email protected] > *Cc:* [email protected] > > *Subject:* Re: [NTSysADM] Re: Something to share with your users, so they > can see how passwords matter > > > > Am 09.08.2014 um 05:23 schrieb "Michael B. Smith" <[email protected]>: > > > you should spend some time learning how Rainbow Tables operate. > > Rainbow tables don't work at all if the password has sufficient length. > > They are magic for 8 characters, but impractical for 10 or more. > > > > >
