Groups | Search | Server Info | Login | Register
Groups > comp.os.linux.security > #765
| From | Spiros Bousbouras <spibou@gmail.com> |
|---|---|
| Newsgroups | comp.os.linux.security |
| Subject | Re: Adding Secure Passwords to Linux |
| Date | 2023-06-11 10:30 +0000 |
| Organization | To protect and to server |
| Message-ID | <A3fdFLvyyyKnZ8KuK@bongo-ra.co> (permalink) |
| References | <b5a2266d-b904-4175-bbaf-a4e5139754bbn@googlegroups.com> <20220729083657.53e8c00e@8200cmt> |
On Fri, 29 Jul 2022 08:36:57 +0200
Marco Moock <mo01@posteo.de> wrote:
> On Thu, 28 Jul 2022 11:25:49 -0700 (PDT)
> John Savard <quadibloc@gmail.com> wrote:
>
> > I just encountered an article saying that, since today's GPUs are so
> > powerful, there's no such thing as a secure password any more.
>
> I depends on the length. Longer passwords are better. The process of
> cracking passwords when a hash table is available, even if salted, is
> decreasing because GPUs become faster and this process can easily be
> split on many machines.
> There are some steps that can increase the time:
>
> Longer passwords (The amount of time needed increases exponential with
> the length of the pw)
Assume that an attacker can test 10**12 passwords per second. Lets say
that we create a password using an alphabet which has
A-Z a-z 0-9 ,.
which makes it a round (in binary !) 64 characters. If we have a uniform
random way to pick a character for each position of the password then
in order to brute force a password with 16 characters would take
64**16 / (10**12 * 3600 * 24 * 366) = 2505444321 years
where I have assumed for simplicity that each year has 366 days.
Is there something seriously wrong with my calculations ? If not then
I don't see a problem. For picking uniform random values ,
/dev/random and /dev/urandom fit the bill.
--
Advances in the psychic and related sciences may bring means of
exploring unexpressed beliefs, thoughts and emotions.
MR. JUSTICE BRANDEIS
http://supreme.justia.com/cases/federal/us/277/438/case.html
Back to comp.os.linux.security | Previous | Next — Previous in thread | Next in thread | Find similar
Adding Secure Passwords to Linux John Savard <quadibloc@gmail.com> - 2022-07-28 11:25 -0700
Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2022-07-28 21:16 +0100
Re: Adding Secure Passwords to Linux Marco Moock <mo01@posteo.de> - 2022-07-29 08:36 +0200
Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-11 10:30 +0000
Re: Adding Secure Passwords to Linux Allodoxaphobia <trepidation@example.net> - 2023-06-12 12:35 +0000
Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-12 13:33 +0000
Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-12 16:46 +0100
Re: Adding Secure Passwords to Linux Bit Twister <BitTwister@mouse-potato.com> - 2023-06-13 08:10 -0500
Re: Adding Secure Passwords to Linux "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2023-06-13 15:12 -0400
Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-15 20:30 +0000
Re: Adding Secure Passwords to Linux Richard Kettlewell <invalid@invalid.invalid> - 2023-06-16 08:29 +0100
Re: Adding Secure Passwords to Linux Spiros Bousbouras <spibou@gmail.com> - 2023-06-16 11:18 +0000
Re: Adding Secure Passwords to Linux John McCue <jmccue@magnetar.jmcunx.com> - 2023-06-11 14:28 +0000
csiph-web