Re: securing debian
hospedales@wow.net wrote:
> If you think about it, an 8 character password encodes to 4096 * 13 character
> strings. So a dictionary of say 400,000 common words, names, passwords, and
> simple variations would easily fit on a
> 4GB hard drive. The attacker need only sort them, and then check for matches.
> Since a 4GB hard drive can be had for under $1000.00, this is well within the
> means of most system crackers.
You have just discovered why passwords, on ANY system, should not be
words in any language.
The answer to avoiding brute-force attacks is to enlarge the search space;
this means using passwords that are not words, parts of words, etc.
Example:
For an 8-letter password made of lowercase letters and numbers, the amount
of exhaustive storage required for all possible values is 23.09Tb
(without compression). Not your garden-variety hard drive!
The amount of time required to do the search, on a Pentium 133,
is 17 years 267 days (although the average case will take only half
of that).
If you use non-alphanumeric symbols or mixed case, the amount of space &
time increases exponentially...
I would recommend downloading crack 5.0 and looking at the documentation;
the author gives a lot of useful advice. I got the figures above from
there, also.
Carl
--
mummert@cs.wcu.edu
The sun's not eternal
That's why there's the blues...
-- Ginsburg
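
The storage and time figures in the message above can be reproduced and extended to larger character sets with a short calculation. This is an added example, not part of the original message or of Crack's documentation; the 9 bytes per stored candidate (8 characters plus a newline), the 365-day year, the guess rate derived from the quoted 17 years 267 days, and all function names are assumptions.

```python
# Added example: sizing an exhaustive password search for policy decisions.
# Bytes-per-entry and year length are assumptions, not values from the page.
import string

ALPHABETS = {
    "lower+digits": len(string.ascii_lowercase + string.digits),      # 36
    "mixed+digits": len(string.ascii_letters + string.digits),        # 62
    # letters, digits, punctuation and the space character            # 95
    "printable": len(string.ascii_letters + string.digits + string.punctuation) + 1,
}


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly `length` characters."""
    return alphabet_size ** length


def storage_tib(alphabet_size, length, overhead=1):
    """TiB needed to store every candidate as text, one per line.

    `overhead` is the assumed separator size in bytes (a newline).
    """
    return keyspace(alphabet_size, length) * (length + overhead) / 2**40


def implied_rate(alphabet_size, length, years, days):
    """Guesses per second implied by a quoted exhaustive-search time."""
    seconds = (years * 365 + days) * 86_400  # assumed 365-day years
    return keyspace(alphabet_size, length) / seconds


def years_to_exhaust(alphabet_size, length, rate):
    """Years to try every candidate at `rate` guesses per second."""
    return keyspace(alphabet_size, length) / rate / (365 * 86_400)


def report(length=8):
    """Rows of (name, alphabet size, TiB, years) at the rate implied above."""
    rate = implied_rate(36, 8, years=17, days=267)
    return [
        (name, size, storage_tib(size, length), years_to_exhaust(size, length, rate))
        for name, size in ALPHABETS.items()
    ]


if __name__ == "__main__":
    for name, size, tib, years in report():
        print(f"{name:13} {size:3} symbols {tib:14.2f} TiB {years:12.1f} years")
```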