Classification: UNCLASSIFIED Caveats: NONE Thanks!
Craig L. Bowser CISSP SANS GSEC (Gold) ------------------------------- Hard work spotlights the character of people; some turn up their sleeves, some turn up their noses, and some don't turn up at all! -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Dan Stadelman Sent: Tuesday, June 30, 2009 1:46 PM To: PaulDotCom Security Weekly Mailing List Subject: Re: [Pauldotcom] Cracking good times The equations should say: > 20^72 * time to *try* one password == a lot of time but I am sure you get the idea ;) Dan On Tue, Jun 30, 2009 at 11:44 AM, Dan Stadelman<[email protected]> wrote: > It is really hard to answer this one because it really "all depends" > on a lot of things - mainly how long it would take to test one > password. This can vary with system set up - if the user has access > to the password hashes, etc. > > If you are trying to make up some stats you could do something like > this (I assume you know this): > > 26 + 26 + 10 + 10 = 72 characters > > arranged 20 ways > > 20^72 * time to crack one password == a lot of time > > arranged 15 ways > > 15^72 * time to crack one password == a bit less time > > This is assuming there isn't some short cut to figuring out the > password - like it is on a sticky note on someones monitor (which > probably will happen if you are having such long passwords that are > changing frequently). > > Laters, > > Dan > > > > > On Tue, Jun 30, 2009 at 9:39 AM, craig bowser<[email protected]> wrote: >> >> >> >> Does anyone know a good reference for listing password cracking >> times? I'm trying to find some stats to determine if we should pick >> a 20+ character password for service accounts and only change every 6 >> or 12 months or pick a shorter password length (10-12 characters) and change every 90 days or so. >> All passwords would be using all four character sets (Aa1!). >> >> >> >> Thanks. >> >> >> >> >> >> Craig L. Bowser >> >> CISSP SANS GSEC (Gold) >> >> ------------------------------- >> >> Nothing makes a person more productive than the last minute. - >> Contributed by Jeff Pappas >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com Classification: UNCLASSIFIED Caveats: NONE _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
