I thought of that this morning too. But you forgot something important. NUMBERS are allowed too.
So it is a password that is up to 8 characters long using a set of 36, not 26! (36^8) This gives us 2,821,109,907,456 combinations. That's nearly 3 TRILLION. (getting close to the deficit, huh?). This is over 10x your original number which means instead of 200,000 years to check them at 30 seconds, it would be 2 MILLION years. Or, still 200,000 years at 3 seconds a pop. We'd better get started. What'cha wanna bet that 95% of the passwords are made up of maybe a couple thousand different words though. JP ----- Original Message ----- From: "Rasjid Wilcox" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, February 25, 2004 9:34 PM Subject: Brue force attacks (was Re: !!!DANGER!!!! Acute security risk! WAKE UP!!!!) > On Thursday 26 February 2004 05:18, Seak, Teng-Fong wrote: > > I knew. Well, actually, I saw. There's the "too many security failures" > > message. But I also saw that it would grant me chance to input password > > again. I'm not sure, is it about after 20 seconds? And if I programme a > > robot to hack in a slow manner, say one per 30 seconds, I'm 30 times slower > > to hack in. But it is still able to hack in. No? > > Suppose that someone has a random 8 character password (not a dictionary > word), all in lower case. > > There are 26^8 = 208,827,064,576 combinations. > > If you only check one every 30 seconds, it will take: > 104,413,532,288 minutes = 1,740,225,538 hours = 72,509,397 days = 198,519.9 > years to check all of them. > > So I'm feeling quite safe at this point. > > The moral of course is not to use a dictionary word (or simple derivative like > flower28) as your password, since there are *far* fewer words than random > combinations of letters, and brute force attacks are much more likely to > succeed. > > Cheers, > > Rasjid. > > -- > Rasjid Wilcox > Canberra, Australia (UTC +11 hrs) > http://www.openminddev.net > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
