[WikiEN-l] Passwords (was Re: Admins who do not have email this user enabled (list inside))

Armed Blowfish diodontida.armata at googlemail.com
Thu Sep 13 01:27:25 UTC 2007


On 12/09/2007, Delirium <delirium at hackish.org> wrote:
> Gregory Maxwell wrote:
>>> I think the initiative to ensure that people had secure login
>>> passwords (which happened, oh, months back) reset people's email
>>> preferences - I had no idea that my preferences had changed until a
>>> good while later (not that it matters much in my case, but however...)
>>
>> Ah. Those who got hit with guessable passwords.... ;)
>
> I haven't changed my password either, so it couldn't be that my password
> was guessable (or if it was, it still is...).
>
> -Mark

All passwords are guessable; it's just
a matter of how many guesses one
would expect it to take.

A random password containing 8
lowercase letters:
(26^8) / 2 = 104 413 532 288
approximately a 37 or 38 bit key

A random password containing 8
letters, uppercase and lowercase:
(52^8) / 2 = 2.67298643 × 10^13
approximately a 45 or 46 bit key

A random password containing
8 characters, including uppercase
letters, lowercase letters, and
numbers:
(62^8) / 2 = 1.09170053 × 10^14
approximately a 47 or 48 bit key

A random password containing
9 characters, including uppercase
letters, lowercase letters, and
numbers:
(62^9) / 2 = 6.76854327 × 10^15
approximately a 53 or 54 bit key

Supposing, using three character
types (uppercase and lowercase
letters + numbers) you wanted
to have the equivalent of at least
a 256 bit key, you would need
43 characters.  For the equivalent
of a 512 bit key, 86 characters.

A key word here is random - most
passwords are not random, so
password crackers can use
psychological tricks such as dictionary
attacks, dictionary attacks with slight
variations, etc.

Of course, if your connection to a
website is not encrypted, and someone
is eavesdropping on your connection,
all of this is irrelevant, as the person
can simply read your password in
plain text.

Disclaimer: I'm on painkillers, so if my
math is wrong, that's why.
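
The figures in the message above, reproduced as an added example (not part of the original post): it computes the keyspace, the expected number of guesses, and the length needed for a target bit strength, then draws a password that is actually random. The function names are illustrative, and using Python's `secrets` module as the random source is an assumption of this example.

```python
import math
import secrets
import string

# Alphabets matching the cases worked through in the message above.
LOWER = string.ascii_lowercase                 # 26 symbols
LETTERS = string.ascii_letters                 # 52 symbols
ALNUM = string.ascii_letters + string.digits   # 62 symbols


def keyspace(alphabet, length):
    """Number of distinct passwords of this length over the alphabet."""
    return len(set(alphabet)) ** length


def expected_guesses(alphabet, length):
    """Average guesses to find a uniformly random password: half the keyspace."""
    return keyspace(alphabet, length) // 2


def keyspace_bits(alphabet, length):
    """Size of the keyspace expressed in bits (log2 of the keyspace)."""
    return length * math.log2(len(set(alphabet)))


def min_length(alphabet, target_bits):
    """Smallest length whose keyspace is at least 2**target_bits.

    Integer arithmetic avoids floating-point rounding near the boundary.
    """
    size, length, space = len(set(alphabet)), 0, 1
    while space < 2 ** target_bits:
        space *= size
        length += 1
    return length


def generate(alphabet, target_bits):
    """Draw each character independently and uniformly from a CSPRNG."""
    symbols = sorted(set(alphabet))
    return "".join(secrets.choice(symbols)
                   for _ in range(min_length(alphabet, target_bits)))


if __name__ == "__main__":
    for name, alpha, n in [("lower", LOWER, 8), ("letters", LETTERS, 8),
                           ("alnum", ALNUM, 8), ("alnum", ALNUM, 9)]:
        print(f"{name:8} len={n}  guesses={expected_guesses(alpha, n):.4e}"
              f"  bits={keyspace_bits(alpha, n):.1f}")
    print("length for 256 bits:", min_length(ALNUM, 256))
    print("sample:", generate(ALNUM, 256))
```

These numbers hold only for passwords produced the way `generate` produces them; a password chosen by a person has a far smaller effective keyspace than its length and character set suggest.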


