[Packet-ninjas-syn-k1ck] Re: [Dshield] Password Strength
frank at knobbe.us
Tue Oct 19 20:22:43 GMT 2004
On Tue, 2004-10-19 at 15:10, Thomas Torgerson wrote:
> In this case, OTP is the only way to go...
Not necessarily. The existing rainbow tables are only for a 14 char key
space. Windows can be configured to handle passwords up to 127 chars in
length. So just by adding a few more characters you already create a
password that these tables can not break. (See recent passphrase
discussion in various mail lists).
With each additional character, the rainbow tables would require 67 more
choices (then multiply by the hash length and add a few bytes overhead).
15 chars = 67 * 25 GB
16 chars = 4489 * 25 GB
17 chars = 300763 * 25 GB
PS: Feel free to quibble about bytes if my math skills are off :)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20041019/692165c8/attachment.bin
More information about the list