Groups | Search | Server Info | Login | Register

Groups > comp.os.linux.security > #765

Re: Adding Secure Passwords to Linux

Show key headers only | View raw

On Fri, 29 Jul 2022 08:36:57 +0200
Marco Moock <mo01@posteo.de> wrote:
> On Thu, 28 Jul 2022 11:25:49 -0700 (PDT)
> John Savard <quadibloc@gmail.com> wrote:
> 
> > I just encountered an article saying that, since today's GPUs are so
> > powerful, there's no such thing as a secure password any more.
> 
> I depends on the length. Longer passwords are better. The process of
> cracking passwords when a hash table is available, even if salted, is
> decreasing because GPUs become faster and this process can easily be
> split on many machines.
> There are some steps that can increase the time:
> 
> Longer passwords (The amount of time needed increases exponential with
> the length of the pw)

Assume that an attacker can test 10**12 passwords per second. Lets say
that we create a password using an alphabet which has
    A-Z a-z 0-9 ,.

which makes it a round (in binary !) 64 characters. If we have a uniform
random way to pick a character for each position of the password then
in order to brute force a password with 16 characters would take

    64**16 / (10**12 * 3600 * 24 * 366) = 2505444321 years

where I have assumed for simplicity that each year has 366 days.

Is there something seriously wrong with my calculations ? If not then
I don't see a problem. For picking uniform random values ,
/dev/random  and  /dev/urandom  fit the bill.

-- 
Advances in the psychic and related sciences may bring means of
exploring unexpressed beliefs, thoughts and emotions.
  MR. JUSTICE BRANDEIS
  http://supreme.justia.com/cases/federal/us/277/438/case.html

Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar

Thread

Adding Secure Passwords to Linux John Savard <quadibloc@gmail.com> - 2022-07-28 11:25 -0700
  Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2022-07-28 21:16 +0100
  Re: Adding Secure Passwords to Linux Marco Moock <mo01@posteo.de> - 2022-07-29 08:36 +0200
    Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-11 10:30 +0000
      Re: Adding Secure Passwords to Linux Allodoxaphobia <trepidation@example.net> - 2023-06-12 12:35 +0000
        Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-12 13:33 +0000
        Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-12 16:46 +0100
          Re: Adding Secure Passwords to Linux Bit Twister <BitTwister@mouse-potato.com> - 2023-06-13 08:10 -0500
            Re: Adding Secure Passwords to Linux "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-06-13 15:12 -0400
          Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-15 20:30 +0000
            Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-16 08:29 +0100
              Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-16 11:18 +0000
  Re: Adding Secure Passwords to Linux John McCue <jmccue@magnetar.jmcunx.com> - 2023-06-11 14:28 +0000

csiph-web