Rodolfo J. Paiz rpaiz at
Fri Oct 29 14:42:24 UTC 2004

On Wed, 2004-10-27 at 15:17 -0400, Lew Bloch wrote:
> "Rodolfo J. Paiz" suggested:
> > Even when I do use passwords (and assuming the 8-char "standard"), I
> > always have at least one upper- and lower-case letter, one number, and
> > one special char. So that's actually 94^8 = 6,095,689,385,410,816 or
> > about 6.1 x 10^15.
> > 
> > If I did my quick figures right, they'd have to exceed 1.93 million
> > attempts per second to be statistically likely to crack my box in less
> > than 100 years. Not bloody likely, and still very secure. <grin>
> That's assuming that all characters from all character sets are equally 
> likely in every position in the password.  In fact, human-generated 
> passwords tend to have fewer punctuation and digit characters than the 
> statistical likelihood.  Exploiting this and similar facts would speed 
> up the attack considerably.

Yes, Lew, but I was being humorous. In reality I rarely use passwords
(note the above "even when...") and usually use keys. But "even when" I
use passwords, *my* password is usually 10 chars or so and is
significantly more random than average. So that should make the process
about 9,000 times harder (i.e. push the 100 years to nearly 1 million

But that wasn't the point. I just noted they'd need nearly 2 million
guesses per second. I've never seen any probes on my box go even faster
than 1 guess per second so far. And since I change my passwords at least
once a year, then I would say it *is* reasonable security to use
passwords if you use a good one.

As an example, let's say that a super-cracker will be 10 times more
likely to guess your password due to whatever. Then in order to guess my
mythical 8-char password above within one year, he'd still need to make
more than 19 million attempts per second.

I think after a day or two you might notice something in your logs,
don't you? Heck, after a week or two you'd most likely be out of disk


Rodolfo J. Paiz <rpaiz at>