bdubbs at swbell.net
Thu Jan 17 08:47:42 PST 2002
Richard Lightman wrote:
> * Bruce Dubbs <bdubbs at swbell.net> [020117 11:35]:
>>Fabio Fracassi wrote:
>>>And also remember that brute-force
>>>benefits linearly from parallel processing, so with a small net it gets even
>>And the time to crack goes up exponentially with length of password.
> If a cracker had to find the exact password, that would be true.
> For unix passwords, crackers only need to find a password with
> the same digest. If your password is longer than the digest,
> you can be confident that a shorter password with the same digest
Let's see. My shadow digests are 13 characters long. There are over 90
characters possible for each position for about 1.5 x 2^20 possible
(1.5B) combinations. It's possible for two passWORDS/PHRASES to generate
the same digest, but unlikely. Of course in a brute force attack,
someone can get lucky and guess the PW on the first try, but the odds of
winning the lottery are about 1000 times better.
This brings up an interesting point. How long does it take to try one
password? If you were cracking passwords a lot, you could just generate
all combinations up to a certain length on a large hard disk and do a
binary search on the digest and get any of those PWs in less than a second.
This is my last post in lfs.dev. Please move to lfs.security.
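
The precomputed lookup described in the post above, as an added example that is not part of the original message, together with the reason one table does not cover salted digests. SHA-256 stands in for crypt(3), and the lowercase alphabet, the length limit of 3 and the salt "k3" are constructed for illustration.

```python
import hashlib
from bisect import bisect_left
from itertools import product
from string import ascii_lowercase


def digest(password: str, salt: str = "") -> bytes:
    # Assumption: SHA-256 stands in for crypt(3); the salt is simply prepended.
    return hashlib.sha256((salt + password).encode()).digest()


def build_table(max_len: int, salt: str = "") -> list[tuple[bytes, str]]:
    """Precompute (digest, password) for every lowercase string of
    length 1..max_len, sorted by digest so it can be binary searched."""
    rows = []
    for n in range(1, max_len + 1):
        for chars in product(ascii_lowercase, repeat=n):
            pw = "".join(chars)
            rows.append((digest(pw, salt), pw))
    rows.sort()
    return rows


def lookup(table, target: bytes):
    """Binary search on the digest column; returns None when absent."""
    i = bisect_left(table, (target,))
    if i < len(table) and table[i][0] == target:
        return table[i][1]
    return None


# One table for the unsalted case: 26 + 26**2 + 26**3 = 18278 rows.
TABLE = build_table(3)

if __name__ == "__main__":
    # An unsalted digest of a short password is found by a single lookup.
    print("unsalted:", lookup(TABLE, digest("cat")))
    # The same password stored with a salt is not in that table at all.
    print("salted vs unsalted table:", lookup(TABLE, digest("cat", "k3")))
    # A table built for that one salt finds it, so the precomputation
    # has to be repeated (and stored) once per salt value.
    print("salted vs per-salt table:",
          lookup(build_table(3, "k3"), digest("cat", "k3")))
```

Traditional DES crypt(3), which produces the 13-character strings mentioned above, uses a 12-bit salt, so the disk space for such a table is multiplied by 4096; modern schemes use far larger salts and deliberately slow hash functions.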