Georgia Tech researchers recommend 79-bit passwords

In terms of entropy, or “randomness”, a random 12-character password (at 95 choices per character) has about the same amount of entropy as a random 79-bit string.


which cites the 2010 Georgia Tech research into brute-forcing passwords using GPUs. My understanding is that a general assumption is that hashes of the password file are available. Also see “rainbow tables”. A strong, random, 12-character password will resist attacks where the password file (the hashes, with salt added usually before hashing) is compromised. But 8-character passwords will be easy pickings if the password file (the hashes) is compromised.
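The 12-character versus 8-character comparison above can be worked through in code. This is an added example, not part of the original post or the Georgia Tech research; the guessing rate of 10^9 hashes per second is an illustrative assumption, not a measured figure.

```python
import math
import secrets
import string

# The 95 printable ASCII characters (52 letters, 10 digits, 32 punctuation
# marks, and the space), matching "95 choices per character" in the text.
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "

# Assumed offline guessing rate against leaked hashes (illustrative only).
ASSUMED_GUESSES_PER_SECOND = 1e9


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(length, guesses_per_second=ASSUMED_GUESSES_PER_SECOND,
                     alphabet_size=len(ALPHABET)):
    """Years needed to try every candidate of this length at the given rate."""
    seconds = alphabet_size ** length / guesses_per_second
    return seconds / (365.25 * 24 * 3600)


def generate_password(length=12):
    """Draw each character independently and uniformly from the OS CSPRNG.

    The entropy figure only holds for passwords produced this way; a
    human-chosen 12-character password has far less.
    """
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for n in (8, 12):
        print(f"{n} chars: {entropy_bits(n):.1f} bits, "
              f"{years_to_exhaust(n):.3g} years to exhaust")
    print("sample:", generate_password())
```

Each added character multiplies the search space by 95, so going from 8 to 12 characters makes exhaustive search 95^4 (about 81 million) times more expensive regardless of the rate assumed.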



March 9, 2013 at 5:18 pm

