Xref: utzoo sci.crypt:1412 comp.unix.wizards:13632 news.sysadmin:1982
Path: utzoo!attcan!uunet!peregrine!zardoz!root
From: root@zardoz.UUCP (Operator)
Newsgroups: sci.crypt,comp.unix.wizards,news.sysadmin
Subject: Re: Yet Another useful paper
Message-ID: <46719@zardoz.UUCP>
Date: 21 Dec 88 03:27:49 GMT
References: <11013@ulysses.homer.nj.att.com> <2308@cuuxb.ATT.COM> <4420@xenna.Encore.COM>
Reply-To: root@zardoz.UUCP (Operator)
Organization: Custom Product Design Inc., Santa Ana, CA
Lines: 17

In article <4420@xenna.Encore.COM> bzs@Encore.COM (Barry Shein) writes:
>>As far as UNIX passwords, it further justifies the use of a shadow
>>password file and the use of 64 character pass phrases.
>Why? Because it shows a 20x speedup possibility? Let's do the
>arithmetic again...
>Given a 100 character character set and 8 characters in a password
>the search space is 100^8 which is:

But you don't need to search through all 100^8 combinations to have a
reasonable change of gaining entry.  All you need is to search through
a 1000, or possibly even 10,000 common names and words, and you will
find a match on a surprisingly large number of systems.  Under this
scenario, a 20 X speedup can make a big difference on the practicality
of sneeking in a large batch job to do some password crunching.

neil@cpd.com
uunet!zardoz!neil