On 17-04-2011 23:50, Grant Olson wrote:
...
> But if you don't, and you use a dictionary word, or a dictionary word
> with l33t-sp34k, or two dictionary words, your opponent can develop a
> strategy that beats the average case brute force time. And your
> opponent actually does this now. The McAfee article conveniently
> ignores that the Cain & Abel can do dictionary attacks, and it can do
> rainbow table lookups.

Yes, and I'm thinking we should include symbols between words (but I'm not saying we should not also use them anywhere else). About rainbow tables, probably the author used that hash to have something to break. I mean, to brute-force something, you need something that is not the plain text password; it may be an encrypted file or a hashed value. I don't know if there are rainbow tables for SHA-256, but so far I have not seen a site with the complete set for MD5 (maybe I have not searched enough).

...
> The seventeen character "imtoosexyformycar" may be much much easier to
> hack than the seventeen character "qkgfnroefdsoeyhzz" depending on your
> opponent's strategy, and it may not, but it'll never be significantly
> slower.

Right said, eh, Grant ;)

The good thing is we are not forced to choose words just from the English dictionary... we can mix from several languages, including Klingon, plus symbols... If the attacker knows too much about us to be able to design a custom strategy to do a mixed dictionary attack, maybe they can also use the 5-dollar hammer strategy. For remote attackers, maybe they won't know that much about us. Still, I'm considering my bullet-proof more-than-128-bits-of-entropy passphrase might not be as hard as it might be :P

Best Regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
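The comparison discussed in this message, as an added example that is not part of the original post: a passphrase strength estimate that takes the cheaper of exhaustive search and a split into dictionary words and symbols. The toy word list, the 4096-word dictionary size and the 32-symbol set are assumptions chosen for illustration.

```python
import math

# Constructed toy word list; a real estimate needs large multi-language lists.
WORDS = {"im", "too", "sexy", "for", "my", "car"}
WORD_BITS = math.log2(4096)    # assumed attacker dictionary of 4096 words
SYMBOL_BITS = math.log2(32)    # assumed set of 32 punctuation symbols
LEET = str.maketrans("013457", "oleast")  # l33t digits are undone at no cost


def brute_force_bits(passphrase):
    """Bits for exhaustive search over the character classes actually used."""
    size = 0
    if any(c.islower() for c in passphrase):
        size += 26
    if any(c.isupper() for c in passphrase):
        size += 26
    if any(c.isdigit() for c in passphrase):
        size += 10
    if any(not c.isalnum() for c in passphrase):
        size += 32
    return len(passphrase) * math.log2(size) if passphrase else 0.0


def dictionary_bits(passphrase):
    """Cheapest split into dictionary words and single symbols, in bits.

    Case and l33t digits are treated as free for the attacker, which is the
    conservative choice for a defender. Returns math.inf when no split exists.
    """
    s = passphrase.lower().translate(LEET)
    best = [0.0] + [math.inf] * len(s)   # best[i] = cost of covering s[:i]
    for end in range(1, len(s) + 1):
        if not s[end - 1].isalnum():     # a symbol used as a separator
            best[end] = best[end - 1] + SYMBOL_BITS
        for start in range(end):
            if s[start:end] in WORDS:
                best[end] = min(best[end], best[start] + WORD_BITS)
    return best[-1]


def effective_bits(passphrase):
    """The attacker picks the cheaper strategy, so strength is the minimum."""
    return min(brute_force_bits(passphrase), dictionary_bits(passphrase))


if __name__ == "__main__":
    for p in ("imtoosexyformycar", "qkgfnroefdsoeyhzz", "my!car", "s3xy"):
        print(f"{p!r}: {effective_bits(p):.1f} bits")
```

Under these assumptions the two seventeen-character strings have the same brute-force cost, but only the word-based one has a finite dictionary cost, and a symbol between words adds its own bits to that cost.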