Re: "Proactive" Password Checking

Alec Muffett (alecmcoyote.uk.sun.com)
Wed, 10 Nov 1999 16:31:44 +0000

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Joseph S D Yao: "Re: Is this for real"
• Previous message: Axel Schwarz: "Ouside and inside firewall network adaptor on the same net?"

>Now consider the password "maryhadalittlelamb"

let's see...

under Unix - 8 character truncation "maryhada"

also: implies password is definitely 8 chars long

password taken from the set of all lowercase letters

thus: set size of 26 symbols

there are 26^8 = 208827064576 passwords of length 8
which comprise only of lowercase letters

my dual-cpu 450MHz UltraSPARC-II can do 25000 crypts/sec/cpu
- certainly more if i could be bothered to optimise the code.

50000 crypts/second total, on my desktop.

208827064576 passwords at 50000 crypts/sec = 4176541 seconds

4176541 seconds = 48 days 8 hours 9 minutes 1 second

I can throw a rock from where I sit and hit about a dozen similar
machines; say I can get ahold of 10 for simplicity.

I can definitely crack your password in 4 days and 20 hours;
on average I will manage it in a little over two days.

...so...

I *do* hope you change your "secure" password on a weekly basis.

        - alec

-- 
       alec muffett, sun professional services, alec.muffett  uk.sun.com
                        bananas are not the only fruit

• Next message: Joseph S D Yao: "Re: Is this for real"
• Previous message: Axel Schwarz: "Ouside and inside firewall network adaptor on the same net?"

This archive was generated by hypermail 2.0b3 on Thu Nov 11 1999 - 10:17:55 CST