On 6/10/12, Joel jaeggli <joe...@bogus.com> wrote:

> How good does a password/phrase have to be in order to protect
> against brute-force or dictionary attacks against the password itself?
>
> * Entropy in language.
>   A typical English sentence has 1.2 bits of entropy per character,
>   you need 107 characters to get a statistically random MD5 hash.
>   Using totally random English characters you need 28 characters.
>   Using a random distribution of all 95 printable ASCII characters you
>   need 20 characters.
>
> * Observation, good passwords are hard to come by.

I don't disagree, except regarding dictionary attacks. If the attack isn't random then math based on random events doesn't apply. In the case of a purely dictionary attack, if you choose a non-dictionary word you are 100.000% safe. :)

John

John Souvestre - New Orleans LA - (504) 454-0899