Comments for: jesus19990502

Message # 1012510:

Date: 07/24/02 15:33
By: Jon Nadal
Subject: RE: Think like an Application Architect

dictionary based passwords are inherently insecure unless the dictionary is unknown to the cracker. a dictionary of English words is easily obtainable, but to use a dictionary of more obscure "words" (any given pattern of characters) would defeat our purpose (easily memorized passwords).

for example: if we were to use a dictionary of 50,000 English words, the cracker does not necessarily have to have access to the dictionary. all the cracker needs to know is that the dictionary is composed of English words. he/she might obtain a dictionary of 100,000 English words or any amount. the number of tests required to crack the password is:

numWordsInDictionary^numWordsInPassword

so if the cracker has a dictionary of 100,000 words and passwords are composed of 2 words, it would require at most 100,000^2 = 10,000,000,000 tests, assuming the cracker's dictionary contains all the words (or whatever patterns) that the site contains - which is almost guaranteed when one uses a dictionary from a language.

if one can test 1,000,000 passwords per second, the password will be obtained in 2 hours 28 minutes AT MOST. that's not average; that's worst case scenario (from the cracker's point of view).

security's a pain...

- Jon
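An added example, not part of the post above or of the original page: a password-audit check that flags passwords built purely from dictionary words and applies the formula quoted in the post to size the worst-case search, then finds how many words a passphrase needs to hold out for a target time. The wordlist, the function names and the default dictionary size and test rate are assumptions for illustration.

```python
# Constructed sample wordlist; a real audit would load a full language dictionary.
WORDS = {"blue", "horse", "green", "apple", "river", "stone", "app", "le"}

def min_words(password, words):
    """Fewest dictionary words that concatenate to the password, or None if it
    is not a pure concatenation of words (word-break, dynamic programming)."""
    pw = password.lower()
    longest = max(map(len, words))
    best = [None] * (len(pw) + 1)  # best[i] = fewest words spelling pw[:i]
    best[0] = 0
    for end in range(1, len(pw) + 1):
        for start in range(max(0, end - longest), end):
            if best[start] is not None and pw[start:end] in words:
                cand = best[start] + 1
                if best[end] is None or cand < best[end]:
                    best[end] = cand
    return best[len(pw)]

def worst_case_tests(dict_size, num_words):
    """Formula from the post: numWordsInDictionary ^ numWordsInPassword."""
    return dict_size ** num_words

def audit(password, words, attacker_dict_size=100_000, tests_per_sec=1_000_000):
    """None if the password is not made only of dictionary words, else
    (word count, worst-case tests, worst-case seconds). The bound uses the
    attacker's dictionary size, since that is what the attacker enumerates."""
    k = min_words(password, words)
    if not k:  # None (not decomposable) or 0 (empty password)
        return None
    tests = worst_case_tests(attacker_dict_size, k)
    return k, tests, tests / tests_per_sec

def words_needed(dict_size, tests_per_sec, min_seconds):
    """Smallest word count whose worst-case search lasts at least min_seconds."""
    k = 1
    while worst_case_tests(dict_size, k) < tests_per_sec * min_seconds:
        k += 1
    return k

if __name__ == "__main__":
    print(audit("BlueHorse", WORDS))   # two-word password, post's parameters
    print(audit("xK9#blue", WORDS))    # not a pure word concatenation
    print(words_needed(100_000, 1_000_000, 365 * 24 * 3600))
```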


