Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive



[Discuss] On "Simple" Brute Forcing Passwords Not Being Simple



A hint at the sort of things that the secretive TLAs must have put a hell of a lot of thought into:


  Using Ordered Markov Chains and User Information 
  to Speed Up Password Cracking https://t.co/rNk6BR1Yaa

  https://twitter.com/newsycombinator/status/835520068700221441


Once a passphrase gets slightly long the naïve search space gets impossibly large, even if the passphrase isn't inherently very good. ("May the force be with you.") But with some careful thought more likely passwords can be tried sooner than others.

Go ahead. Fantasize spending a few million dollars on GPU cracking gear. (Now you are invincible!) But do the math on how big the search space is to find a 20-character passphrase. 

Once you try to do the math you'll notice the very description "20-characters" suddenly becomes pretty vague. Reasonable people won't agree on how many digits are in the answer, let alone a precise value. But one thing should be clear: It is a really big number.

You can't try all the combinations. Spend billions, and you still can't. No one can. You have to prioritize?

Very interesting problem. A lot of fun to think about.

-kb
-- 
Sent from my Turing machine.
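
The arithmetic the message invites, as an added example that is not part of the original post: it computes the naïve search space for 20 characters under three alphabet choices, then scores a passphrase with a first-order character Markov model as a strength estimate. The training text, the 1e12 guesses/second rate and all function names are assumptions made for illustration.

```python
import math
from collections import Counter

# Constructed stand-in for a corpus of common phrases (assumption, not real data).
CORPUS = ("May the force be with you. The quick brown fox jumps over the lazy dog. "
          "To be or not to be, that is the question. There is no place like home. ")
PRINTABLE = 95  # printable ASCII characters

def naive_bits(length, alphabet_size):
    """log2 of the number of strings of this length over the alphabet."""
    return length * math.log2(alphabet_size)

def years_to_exhaust(bits, guesses_per_second):
    """Years to enumerate 2**bits candidates at a fixed guess rate."""
    return 2.0 ** bits / guesses_per_second / (365.25 * 24 * 3600)

def train_bigrams(text):
    """Count character pairs and how often each character has a successor."""
    return Counter(zip(text, text[1:])), Counter(text[:-1])

def markov_bits(candidate, model, alphabet_size=PRINTABLE):
    """Surprisal in bits under an order-1 Markov model with add-one smoothing.
    2**bits roughly tracks how late a likelihood-ordered search reaches it."""
    pairs, firsts = model
    bits = math.log2(alphabet_size)  # first character scored as uniform
    for a, b in zip(candidate, candidate[1:]):
        p = (pairs[(a, b)] + 1) / (firsts[a] + alphabet_size)
        bits -= math.log2(p)
    return bits

if __name__ == "__main__":
    for size, label in ((26, "lowercase"), (27, "lowercase + space"), (95, "printable ASCII")):
        b = naive_bits(20, size)
        # 1e12 guesses/second is an assumed rate, chosen only for scale
        print(f"20 chars, {label}: {b:.0f} bits, {years_to_exhaust(b, 1e12):.1e} years")
    model = train_bigrams(CORPUS)
    for pw in ("May the force be with you.", "q7#Lz!Xw2@Vr9$Kp4&Jt6*Hn8^"):
        print(f"{pw!r}: naive {naive_bits(len(pw), PRINTABLE):.0f} bits, "
              f"model {markov_bits(pw, model):.0f} bits")
```

Both sample strings are 26 characters long and have the same naïve size, but the model assigns the familiar phrase far fewer bits, which is the gap a prioritized search exploits and a length-only strength meter misses.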



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org