meditationatae


Georgia Tech researchers recommend 79-bit passwords

In terms of entropy or “randomness”, a random 12-character password (at 95 choices per character) has about the same amount of entropy as a random 79-bit string.

Cf.:

http://www.scmagazine.com/password-security-can-improve-but-the-hackers-will-still-get-in/article/253931/

which cites the 2010 Georgia Tech research into brute-forcing passwords using GPUs. My understanding is that a general assumption is that hashes of the password file are available. Also see “rainbow tables”. A strong, random, 12-character password will resist attacks where the password file (the hashes, with salt added usually before hashing) is compromised. But 8-character passwords will be easy pickings if the password file (the hashes) is compromised.
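The arithmetic behind the 79-bit figure and the 8- versus 12-character gap, as an added example that is not part of the original post. The guess rate `ASSUMED_RATE` is an assumption chosen for illustration (it depends entirely on the hash function and hardware), and all function names are hypothetical.

```python
import math
import secrets
import string

# 95 printable ASCII characters (letters, digits, punctuation, space),
# matching the post's "95 choices per character".
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy, in bits, of a password whose characters are drawn uniformly."""
    return length * math.log2(alphabet_size)


def min_length(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest uniformly random password that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def years_to_exhaust(length, guesses_per_second, alphabet_size=len(ALPHABET)):
    """Years needed to try every candidate of this length against one leaked hash."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def random_password(length=12):
    """Draw each character independently from the OS CSPRNG (not random.choice)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    ASSUMED_RATE = 1e10  # offline guesses/second; assumed figure, not from the post
    for n in (8, 12):
        print(f"{n} chars: {entropy_bits(n):5.1f} bits, "
              f"{years_to_exhaust(n, ASSUMED_RATE):.3g} years to exhaust")
    # Four extra characters multiply the search space by 95**4 (about 8.1e7).
    print("keyspace ratio 12 vs 8 chars:", 95 ** 4)
    print("sample 12-character password:", random_password())
```

The entropy figures only hold for passwords generated uniformly at random, as `random_password` does; a human-chosen 12-character password has far less. A deliberately slow password hash lowers the attacker's guess rate and lengthens every time shown.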


Written by meditationatae

March 9, 2013 at 5:18 pm

Posted in History
