Stop using passwords of any kind
Nyrath sent me a link to this must-read. Its called Why you shouldn’t be using passwords of any kind on your Windows networks, and details why all windows networks should switch to pass-Phrases. I’m starting immediately.
Fact: Did you know that Windows 2000 based operating systems support pass-PHRASES of up to 127 characters including spaces, and unicode characters like this… act: Did you know that even the most effecient form of password cracking (pre-computation using Sarca rainbow tables) breaks down and becomes infeasible for most attackers at around 10 characters (I’ve seen the math to prove it) and at 14 characters or more Excel can’t even display a number big enough to show how long it would take to pre-compute / look-up a 14 character password (so I’m assuming this would safely rule out dedicated government agencies with unlimitted hardware budgets ).
Anonymous are discussing.
Anonymous 9:45 am on 10/26/2004 Permalink
10 characters, 10^10 different combinations,
10,000,000,000 possible passwords. A P4 1.6Ghz processor will crank out about 1955 Flops, So with 10 billion operations it would take about 5 million seconds or 60 days, so how is that impossible? One of the US governments most powerful processors can pull off 13,600,000,000,000 calculations per second and would crack a ten digit password in .0007s.
euicho 5:26 pm on 10/26/2004 Permalink
true it is not impossible, but as the article says, its “infeasible” due to the fact that one should change their password every month or sooner, and many companies, including the one I work for, do indeed have that policy. As for government agencies, well, lets just hope they arn’t trying to access my data, lol.