Password length paranoia
Peter Pentchev
roam at ringlet.net
Tue Feb 7 21:32:02 CET 2006
On Tue, Feb 07, 2006 at 08:14:29PM +0100, Ludwig H?gelsch?fer wrote:
> Hi,
>
> On 07.02.2006 20:05 Uhr, Oskar L. wrote:
>
> > This is of course only true if the attacker knows it is exactly 15
> > characters long. If not, then it should be calculated like this: 95^1 +
> > 95^2 + 95^3 + ... + 95^15.
>
> Right, this gives exactly 95^16 - 1.
Errr... only for very small values of 95, I'd say ;) Namely, only
if 95 equals 2... which it doesn't quite seem to :)
Oh, ooookay, so it's more like (95^16 - 1^16) / (95 - 1), which is
only 94 times less than your bid. But still... :)
> This is not a dramatic improvement compared to 2^256.
Errrrrr... what?!
Straight from bc's mouth:
(95^16-1)/(95-1)
468219860267835848675991626496
2^256
115792089237316195423570985008687907853269984665640564039457584007913129639936
Okay, so it might not be quite in the feasible range - I'll leave
that for others to judge - but it does seem pretty dramatic to me.
G'luck,
Peter
--
Peter Pentchev roam at ringlet.net roam at cnsys.bg roam at FreeBSD.org
PGP key: http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint FDBA FD79 C26F 3C51 C95E DF9E ED18 B68D 1619 4553
If I had finished this sentence,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20060207/9e42b614/attachment.pgp
More information about the Gnupg-users
mailing list