Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!psuvax1!rutgers!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.wizards
Subject: Re: Passwords
Message-ID: <14248:Apr1204:14:4891@kramden.acf.nyu.edu>
Date: 12 Apr 91 04:14:48 GMT
References: <26518@adm.brl.mil>
Organization: IR
Lines: 13

In article <26518@adm.brl.mil> JRAMSDEN%wl7.prime.com@relay.cs.net writes:
> *But* if you then add a couple of numbers or a  symbol,  to  make  say
> "Sch23wartzkopf"  it  gets  converted immediately from being guessable
> (at a pinch) to impossible.

Someone might search for passwords where each character is 70% lowercase
letter with Shannon frequencies, 10% uppercase letter, 15% digits 23457
(surely you know these are the most common?), 5% other digits. He'd get
that password after, say, a hundred billion encryptions---around two
months on a small Sun cluster. These are back-of-the-envelope estimates,
but I certainly wouldn't say that password was impossible to guess.

---Dan