Now, now, I thought the MIB frowned on admission of your otherworldly origin.

Jon

On Thu, Feb 10, 2011 at 1:29 PM, Don Ely <[email protected]> wrote:
> I must not be human... Most of my high security accounts have passwords of
> 20+ random characters and I have them memorized...
>
> On Thu, Feb 10, 2011 at 10:25 AM, Ben Scott <[email protected]> wrote:
>> On Thu, Feb 10, 2011 at 12:31 PM, Matthew W. Ross <[email protected]> wrote:
>> >> If data is encrypted with strong crypto, and that crypto's secret
>> >> key is not stored on the device, then that data can generally be
>> >> considered safe even if the device is stolen.
>> >>
>> >> In English, that means if the security depends on a strong password
>> >> the user must enter (and not on some magic the manufacturer has
>> >> "hidden" inside the device), the password-protected data is safe.
>> >
>> > ... Isn't that only partially true? I mean, if the encrypted data is stolen,
>> > isn't it reasonable to believe it can be cracked given enough time/cpu power?
>>
>> You're basically correct.
>>
>> Given good algorithms and implementations, the strength of your
>> security depends on the strength of the key. If the password is an
>> English word, then yah, it's going to be straightforward to crack in
>> minutes or hours with a dictionary attack. If it's a combination of
>> words and other characters, it's harder, but still within reason for
>> days, weeks, or months. Once you go to truly random characters, it's
>> dependent on the length. But even 10 characters might be crackable in
>> several years given commercially available technology. (I'm not up on
>> current predictions, so numbers may be off for times.)
>>
>> A truly random 256-bit symmetric key could theoretically be cracked
>> given enough time, but time to brute-force (given known technology) is
>> generally given in billions of years. It has been theorized that new
>> technology (especially "quantum computing") could drastically cut into
>> that, but it remains to be seen if such things are actually possible
>> or not.
>>
>> But 256 bits is a lot. Printable ASCII is roughly 96 characters.
>> That fits in roughly six and a half bits. So your passcode would need
>> to be around 40 characters long, and *completely* random (no words or
>> patterns), for it to be in that neighborhood. It's not realistic to
>> expect humans to do that.
>>
>> -- Ben
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to [email protected]
>> with the body: unsubscribe ntsysadmin
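
Added example, not part of any message in this thread: the passcode-length arithmetic discussed above, carried through in Python, with a generator that sizes a random passcode to a target key strength. The guess rate, the word-list size and all function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Printable ASCII without the space: 94 symbols. The thread rounds this to ~96.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bits_per_symbol(alphabet_size: int) -> float:
    """Entropy of one uniformly random symbol, in bits."""
    return math.log2(alphabet_size)


def length_for_bits(target_bits: int, alphabet_size: int) -> int:
    """Fewest uniformly random symbols whose keyspace is >= 2**target_bits."""
    return math.ceil(target_bits / bits_per_symbol(alphabet_size))


def average_crack_years(keyspace_bits: float, guesses_per_second: float) -> float:
    """Expected exhaustive-search time: half the keyspace at a fixed guess rate."""
    return 2 ** (keyspace_bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def random_passcode(target_bits: int, alphabet: str = PRINTABLE) -> str:
    """Draw a passcode from the OS CSPRNG that carries at least target_bits."""
    n = length_for_bits(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))


if __name__ == "__main__":
    RATE = 1e12  # assumed attacker guess rate (guesses/second), illustrative only
    cases = {
        "one word from a 200,000-word list (assumed size)": math.log2(200_000),
        "10 random printable characters": 10 * bits_per_symbol(96),
        "40 random printable characters": 40 * bits_per_symbol(96),
        "random 256-bit key": 256.0,
    }
    for label, bits in cases.items():
        print(f"{label}: {bits:.1f} bits, ~{average_crack_years(bits, RATE):.3g} years")
    print("symbols needed for 256 bits:", length_for_bits(256, 96))
    print("sample passcode:", random_passcode(128))
```

These figures hold only when every symbol is drawn uniformly at random; a passcode built from words or patterns has far less entropy than its length suggests.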
