With an asymptote.
Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Don Ely [mailto:[email protected]] Sent: Thursday, February 10, 2011 4:38 PM To: NT System Admin Issues Subject: Re: RE: IPhone attack reveals passwords in six minutes Oh right, I should have been using Calculus instead of Algebra to solve that equation... :P On Thu, Feb 10, 2011 at 1:27 PM, Michael B. Smith <[email protected]<mailto:[email protected]>> wrote: Tttthhhhbbbbttttt Wrong. :-P Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com<http://theessentialexchange.com/> From: Don Ely [mailto:[email protected]<mailto:[email protected]>] Sent: Thursday, February 10, 2011 4:23 PM To: NT System Admin Issues Subject: Re: RE: IPhone attack reveals passwords in six minutes At roughly 3 characters per minute, you can extrapolate that out to 20 seconds per extra character.... :) On Thu, Feb 10, 2011 at 1:13 PM, Jonathan <[email protected]<mailto:[email protected]>> wrote: And how many additional minutes does each additional character above 15 add? Jonathan - Thumb typed from my HTC Droid Incredible (and yes, it really is) on the Verizon network. On Feb 10, 2011 4:09 PM, "Michael B. Smith" <[email protected]<mailto:[email protected]>> wrote: > Anything under 15 characters I can crack in under 5 minutes. > > Anything. > > Regards, > > Michael B. Smith > Consultant and Exchange MVP > http://TheEssentialExchange.com<http://theessentialexchange.com/> > > From: MMF [mailto:[email protected]<mailto:[email protected]>] > Sent: Thursday, February 10, 2011 4:05 PM > To: NT System Admin Issues > Subject: RE: IPhone attack reveals passwords in six minutes > > How about a nursery rhyme but use the first letter of each word. Example: > Hickory Dickery Dock The Mouse Ran Up The Clock would be: hddtmrutc. > > Murray > > ________________________________ > From: William Robbins > [mailto:[email protected]<mailto:[email protected]>] > Sent: Thursday, February 10, 2011 12:52 PM > To: NT System Admin Issues > Subject: Re: IPhone attack reveals passwords in six minutes > +1 I use song lyrics also. > > - WJR > > On Thu, Feb 10, 2011 at 12:49, David Lum > <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: > One method is to take acronyms from your favorite hobby and string them > together Example: NetBEUI CPU is 45GHz 14Kbps > NetBEUICPUis45GHz14Kbps. 25 characters, upper and lower case and I'm going to > guess random enough. Surely acronym's are different when it comes to a > dictionary attack? Need to change it? Flip the order of the acronyms. > > Personally I use a passphrase with correct punctuation - it gives upper case, > lower case, and special character. These becomes frustrating when you go to a > website that gives you something dumb like 12character maximum, in which case > use the hobby acronym's. > > My $0.02 > Dave > > From: Don Ely > [mailto:[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>] > Sent: Thursday, February 10, 2011 10:29 AM > > To: NT System Admin Issues > Subject: Re: IPhone attack reveals passwords in six minutes > > I must not be human... Most of my high security accounts have passwords of > 20+ random characters and I have them memorized... > On Thu, Feb 10, 2011 at 10:25 AM, Ben Scott > <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: > On Thu, Feb 10, 2011 at 12:31 PM, Matthew W. Ross > <[email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>>> > wrote: >>> If data is encrypted with strong crypto, and that crypto's secret >>> key is not stored on the device, then that data can generally be >>> considered safe even if the device is stolen. >>> >>> In English, that means if the security depends on a strong password >>> the user must enter (and not on some magic the manufacturer has >>> "hidden" inside the device), the password-protected data is safe. >> >> ... Isn't that only partially true? I mean, if the encrypted data is stolen, >> isn't it reasonable to believe it can be cracked given enough time/cpu power? > You're basically correct. > > Given good algorithms and implementations, the strength of your > security depends on the strength of the key. If the password is an > English word, then yah, it's going to be straightforward to crack in > minutes or hours with a dictionary attack. If it's a a combination of > words and other characters, it's harder, but still within reason for > days, weeks, or months. Once you go to truly random characters, it's > dependent on the length. But even 10 characters might be crackable in > several years given commercially available technology. (I'm not up on > current predictions, so numbers may be off for times.) > > A truly random 256-bit symmetric key could theoretically be cracked > given enough time, but time to brute-force (given known technology) is > generally given in billions of years. It has been theorized that new > technology (especially "quantum computing") could drastically cut into > that, but it remains to be seen if such things are actually possible > or not. > > But 256 bits is a lot. Printable ASCII is roughly 96 characters. > That fits in roughly six and a half bits. So your passcode would need > to be around 40 characters long, and *completely* random (no words or > patterns), for it to be in that neighborhood. It's not realistic to > expect humans to do that. > > -- Ben > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > with the body: unsubscribe ntsysadmin > > ________________________________ > > No virus found in this message. > Checked by AVG - > www.avg.com<http://www.avg.com/><http://www.avg.com<http://www.avg.com/>> > Version: 10.0.1204 / Virus Database: 1435/3434 - Release Date: 02/10/11 > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
