Re: Password policy.

To: debian-user@lists.debian.org
Subject: Re: Password policy.
From: Reco <recoverym4n@enotuniq.net>
Date: Tue, 13 Nov 2018 20:22:58 +0300
Message-id: <[🔎] E1gMcOw-0003hR-Hp@enotuniq.net>
In-reply-to: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid>
References: <[🔎] E1gMbT7-0001Ge-TB@dalton.invalid>

	Hi.

On Tue, Nov 13, 2018 at 08:23:13AM -0800, peter@easthope.ca wrote:
> Hi, 
> 
> https://www.debian.org/doc/manuals/debian-reference/ch04.en.html#_good_password
> specifies "6 to 8 characters".  Is that adequate against currently available brute force?

$ hashcat --session 6to8 -m1800 /tmp/hash -a3 ?a?a?a?a?a?a

hashcat (v4.2.1) starting...

OpenCL Platform #1: NVIDIA Corporation
======================================
* Device #1: GeForce GTX 1060 3GB, 753/3013 MB allocatable, 9MCU

...

Session..........: 6to8
Status...........: Running
Hash.Type........: sha512crypt $6$, SHA512 (Unix)
Hash.Target......: $6$...
...
Time.Estimated...: Tue Aug 11 17:56:28 2020 (1 year, 271 days)
Guess.Mask.......: ?a?a?a?a?a?a [6]

$ hashcat --session 6to8 -m1800 /tmp/hash -a3 ?a?a?a?a?a?a?a?a

...

Session..........: 6to8
Status...........: Running
Hash.Type........: sha512crypt $6$, SHA512 (Unix)
Hash.Target......: $6$...
...
Time.Estimated...: Next Big Bang (15988 years, 0 days)
Guess.Mask.......: ?a?a?a?a?a?a?a?a [8]


So, 6 characters is somewhat low (that GPU is outdated by today's
standards). 8 characters seem ok.

Reco

Reply to:

References:
- Password policy.
  - From: peter@easthope.ca

Prev by Date: Password policy.
Next by Date: Re: Password policy.
Previous by thread: Password policy.
Next by thread: Re: Password policy.
Index(es):
- Date
- Thread