Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!hc!pprg.unm.edu!unmvax!ncar!noao!asuvax!nud!sunburn!dover!waters
From: waters@dover.uucp (Mike Waters)
Newsgroups: comp.unix.wizards
Subject: Re: Password Aging
Message-ID: <623@dover.uucp>
Date: 3 Jan 89 17:45:17 GMT
References: <17986@adm.BRL.MIL>
Reply-To: waters@dover.UUCP (Mike Waters)
Organization: Motorola CAD Mesa, AZ {dover}
Lines: 23

In article <17986@adm.BRL.MIL> VINCE%UCONNVM.BITNET@mitvma.mit.edu writes:
>Barry Shein writes:
>>We just did this, lessee, 100 character set, 8 chars, 100^8, assume
>>10,000 encryptions per second is a good upper bound (we'll take a
. . .
>
>But a 50 character set gives only 183 years, not 31,709, and if you really
>use only lower case letters plus a bit (30 chars) your 31,709 years
>becomes 2 years.

And if we use only easily remembered words it becomes as small as hours.
In another thread here the author figures about 200K words > 5 char. long.
Thats not very many to search if you can automate your search! Even using
10 words (50 char) gives a relatively small number.

I think the problem is real, but I don't have any better solutions.


-- 
Mike Waters    AA4MW/7                  *
Motorola CAD Group                      *    Witty remark goes *HERE*
Mesa, AZ   ...!sun!sunburn!dover!waters *
          OR   moto@cad.Berkley.EDU     *