The equations should say: > 20^72 * time to *try* one password == a lot of time
but I am sure you get the idea ;) Dan On Tue, Jun 30, 2009 at 11:44 AM, Dan Stadelman<[email protected]> wrote: > It is really hard to answer this one because it really "all depends" > on a lot of things - mainly how long it would take to test one > password. This can vary with system set up - if the user has access > to the password hashes, etc. > > If you are trying to make up some stats you could do something like > this (I assume you know this): > > 26 + 26 + 10 + 10 = 72 characters > > arranged 20 ways > > 20^72 * time to crack one password == a lot of time > > arranged 15 ways > > 15^72 * time to crack one password == a bit less time > > This is assuming there isn't some short cut to figuring out the > password - like it is on a sticky note on someones monitor (which > probably will happen if you are having such long passwords that are > changing frequently). > > Laters, > > Dan > > > > > On Tue, Jun 30, 2009 at 9:39 AM, craig bowser<[email protected]> wrote: >> >> >> >> Does anyone know a good reference for listing password cracking times? I'm >> trying to find some stats to determine if we should pick a 20+ character >> password for service accounts and only change every 6 or 12 months or pick a >> shorter password length (10-12 characters) and change every 90 days or so. >> All passwords would be using all four character sets (Aa1!). >> >> >> >> Thanks. >> >> >> >> >> >> Craig L. Bowser >> >> CISSP SANS GSEC (Gold) >> >> ------------------------------- >> >> Nothing makes a person more productive than the last minute. - Contributed >> by Jeff Pappas >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
