Groups | Search | Server Info | Login | Register

Groups > comp.os.linux.security > #768

Re: Adding Secure Passwords to Linux

From Spiros Bousbouras <spibou@gmail.com>
Newsgroups comp.os.linux.security
Subject Re: Adding Secure Passwords to Linux
Date 2023-06-12 13:33 +0000
Organization A noiseless patient Spider
Message-ID <bdGQWDsP2TEADyhtG@bongo-ra.co> (permalink)
References <b5a2266d-b904-4175-bbaf-a4e5139754bbn@googlegroups.com> <20220729083657.53e8c00e@8200cmt> <A3fdFLvyyyKnZ8KuK@bongo-ra.co> <slrnu8e496.28ha.trepidation@vps.jonz.net>

Show all headers | View raw

On 12 Jun 2023 12:35:50 GMT
Allodoxaphobia <trepidation@example.net> wrote:
> On Sun, 11 Jun 2023 10:30:40 -0000 (UTC), Spiros Bousbouras wrote:
> > On Fri, 29 Jul 2022 08:36:57 +0200
> > Marco Moock <mo01@posteo.de> wrote:
> >> On Thu, 28 Jul 2022 11:25:49 -0700 (PDT)
> >> John Savard <quadibloc@gmail.com> wrote:
> >> 
> >> > I just encountered an article saying that, since today's GPUs are so
> >> > powerful, there's no such thing as a secure password any more.
> >> 
> >> I depends on the length. Longer passwords are better. The process of
> >> cracking passwords when a hash table is available, even if salted, is
> >> decreasing because GPUs become faster and this process can easily be
> >> split on many machines.
> >> There are some steps that can increase the time:
> >> 
> >> Longer passwords (The amount of time needed increases exponential with
> >> the length of the pw)
> >
> > Assume that an attacker can test 10**12 passwords per second. 
> 
> What internet-facing firewall would entertain 10**12 password attemps
> per second?!?!

That's besides the point. The posts I quoted address the issue of whether
GPUs are so powerful that you can't create a password of reasonable length
which cannot be cracked through brute force. I provided a simple calculation
which suggests that , even with an attacker with extraordinary computing
power available , a password with only 16 characters would be safe.

-- 
vlaho.ninja/prog

Back to comp.os.linux.security | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

Adding Secure Passwords to Linux John Savard <quadibloc@gmail.com> - 2022-07-28 11:25 -0700
  Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2022-07-28 21:16 +0100
  Re: Adding Secure Passwords to Linux Marco Moock <mo01@posteo.de> - 2022-07-29 08:36 +0200
    Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-11 10:30 +0000
      Re: Adding Secure Passwords to Linux Allodoxaphobia <trepidation@example.net> - 2023-06-12 12:35 +0000
        Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-12 13:33 +0000
        Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-12 16:46 +0100
          Re: Adding Secure Passwords to Linux Bit Twister <BitTwister@mouse-potato.com> - 2023-06-13 08:10 -0500
            Re: Adding Secure Passwords to Linux "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-06-13 15:12 -0400
          Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-15 20:30 +0000
            Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-16 08:29 +0100
              Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-16 11:18 +0000
  Re: Adding Secure Passwords to Linux John McCue <jmccue@magnetar.jmcunx.com> - 2023-06-11 14:28 +0000

csiph-web