On 6/10/12 00:25 , John Souvestre wrote: > On 6/10/12, Joel jaeggli <joe...@bogus.com> wrote: > >> How good does a password/phrase have to be in order to protect >> against brute-force or dictionary attacks against the password >> itself? ? Entropy in language. A typical english sentence has 1.2 >> bits of entropy per character, you need 107 characters to get a >> statistically random md5 hash. Using totally random english >> characters you need 28 characters. Using a random distribution of >> all 95 printable ascii characters you need 20 characters. ? >> Observation, good passwords are hard to come by. > > I don't disagree, except regarding dictionary attacks. If the attack > isn't random then math based on random events doesn't apply. In the > case of a purely dictionary attack if you choose a non-dictionary > word and you are 100.000% safe. :)
the search space for 6 8 10 character passwords is entirely too small... > John > > John Souvestre - New Orleans LA - (504) 454-0899 > > > >
