From: Alexander Klimov (alserkliinbox.ru)
Date: Wed Jul 14 2010 - 03:53:45 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 13 Jul 2010, Thor (Hammer of God) wrote:
> However, what IS different is that you can actually get an idea of
> exactly how many iterations it will take to crack both a particular
> password specifically and the keyspace it "lives" in, apply that to
> actual TIME required to crack it. I like that part, and have found
> it to be valuable, so here it is in case you do as well.

An incorrect precise number is worse than no number at all: if
you assure user that it takes 129,052,722,140 iterations to
guess password "password", or 2,322,220,814,264,750,000 to
guess "qwerty123456", it only misleads. The real attackers start
guessing not from "a", but in the most-probable-first order.
What is this order depends on the traits of the mark: the first
password to try, can as well be "password", "qwerty123456", or
"salasana".

--
Regards,
ASK

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]