
Re: LUKS password gets printed as stars



On 2017-12-23, Hans <hans.ullrich@loop.de> wrote:
>
> But 1 percent longer for each added digit sounds not much. However, when it 
> comes to more digits, let's say 16 (WPA2 often uses 16 digits with only 
> letters and numbers), then the time to crack will increase rapidly.
>
> If I understood you correctly, and please correct me if I am wrong, this is 1 
> percent of the time for trying all combinations with one lesser digit.
>
> And I suppose, guessing 15 digits will cause a loooooong time, and 1 percent 
> of this looooong time plus another much more looooooong time will result in a 
> very looooooooooong time. So, the more unnecessary digits, the better.

(Assuming all 95 printable ASCII characters) link to % time savings:
 
http://www.wolframalpha.com/input/?i=%28sum%20from%20n%3D1%20to%20n%3D16%20of%2095%5En%20%29%20%2F%2095%5E17&dataset=&equal=Submit

Quote:

 An interesting mathematical quirk about this ratio of the number of passwords
 shorter than n, over the number of passwords of length n, is that it doesn't
 really depend on n. This is because we're already very close to the asymptote
 of 1/95 = 0.0105. So an attacker gets the same relative, or percentage, time
 savings from this trick regardless of the length of your password; it's always
 between 1% - 2%. Though, of course, the absolute time that it takes grows
 orders of magnitude with each new character that you add.

https://security.stackexchange.com/questions/92233/how-critical-is-it-to-keep-your-password-length-secret


-- 
"An autobiography is only to be trusted when it reveals something disgraceful.
A man who gives a good account of himself is probably lying, since any life
when viewed from the inside is simply a series of defeats."
— George Orwell
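
The ratio discussed in the message above, worked through with exact arithmetic (an added example, not part of the original post). It assumes the 95-character printable ASCII alphabet named above and a shortest-first exhaustive search; the function names are made up for this illustration.

```python
from fractions import Fraction

ALPHABET = 95  # printable ASCII, the assumption stated in the message


def shorter_count(n, a=ALPHABET):
    """Number of non-empty passwords strictly shorter than n characters."""
    return sum(a**k for k in range(1, n))


def saving_ratio(n, a=ALPHABET):
    """(passwords shorter than n) / (passwords of exactly length n).

    For n = 17 this is the expression in the WolframAlpha link above.
    """
    return Fraction(shorter_count(n, a), a**n)


def closed_form(n, a=ALPHABET):
    """Same ratio from the geometric series: (a^n - a) / ((a - 1) * a^n)."""
    return Fraction(a**n - a, (a - 1) * a**n)


def work_saved_fraction(n, a=ALPHABET):
    """Share of a full shortest-first search over lengths 1..n that is
    skipped when the length is known to be exactly n."""
    shorter = shorter_count(n, a)
    return Fraction(shorter, shorter + a**n)


if __name__ == "__main__":
    print(f"{'len':>3}  {'shorter/exact':>13}  {'share of full search':>20}  {'keyspace at len':>15}")
    for n in (2, 4, 8, 12, 16, 17):
        ratio = saving_ratio(n)
        assert ratio == closed_form(n)  # series and closed form agree exactly
        print(f"{n:>3}  {float(ratio):>13.6%}  "
              f"{float(work_saved_fraction(n)):>20.6%}  {float(ALPHABET**n):>15.3e}")
```

Both columns stay just above 1% at every length, while the keyspace column grows by a factor of 95 per added character.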

