random passwords (was Re: Worm...)
Rahul Dhesi
dhesi at bsu-cs.UUCP
Wed Nov 30 07:24:41 AEST 1988
In article <10896 at ulysses.homer.nj.att.com> smb at ulysses.homer.nj.att.com
(Steven M. Bellovin) writes:
[some calculations]
>If your encryptions take even 10 microseconds -- still 1000 times the best
>speed reported for an 8600 -- my password is safe for 2 years. I change
>it more frequently than that...
Not quite. Your password is safe for two years against a certain
attack, for one year against an attack with a 50% chance of
success...etc.
Consider the claim: "Give me a week, and there's a 1% chance that I
will break into your account."
If the person keeps trying week after week, he will likely break into
your account after two or three years of trying.
No matter how often you change your password.
No matter how often your change your password! I don't like the sound
of that.
(I do realize that your calculations were too conservative by a large
factor.)
--
Rahul Dhesi UUCP: <backbones>!{iuvax,pur-ee}!bsu-cs!dhesi
More information about the Comp.unix.wizards
mailing list