On 6/10/12, Joel jaeggli <joelja@bogus.com> wrote:
How good does a password/phrase have to be in order to protect against brute-force or dictionary attacks against the password itself?

- Entropy in language. A typical English sentence has 1.2 bits of entropy per character, you need 107 characters to get a statistically random MD5 hash. Using totally random English characters you need 28 characters. Using a random distribution of all 95 printable ASCII characters you need 20 characters.
- Observation, good passwords are hard to come by.
I don't disagree, except regarding dictionary attacks. If the attack isn't random then math based on random events doesn't apply. In the case of a purely dictionary attack, if you choose a non-dictionary word you are 100.000% safe. :)

John

John Souvestre - New Orleans LA - (504) 454-0899
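
The arithmetic behind the figures quoted in this thread, as an added example that is not part of either message: it derives the 107, 28 and 20 character lengths from the 128-bit MD5 digest size, then compares guessing cost under a brute-force model and a dictionary model. The word list and both sample secrets are constructed for illustration, and the function names are hypothetical.

```python
import math

HASH_BITS = 128  # MD5 digest size in bits


def chars_needed(bits_per_char, target_bits=HASH_BITS):
    """Minimum length whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_char)


def uniform_bits_per_char(alphabet_size):
    """Entropy per character when every symbol is equally likely."""
    return math.log2(alphabet_size)


def effective_bits(secret, alphabet_size, wordlist):
    """Guessing cost in bits under the cheaper of two attacker models.

    Brute force: every string of this length over the alphabet is tried.
    Dictionary: only entries of the word list are tried, so it costs
    log2(len(wordlist)) bits and succeeds only if the secret is listed.
    """
    brute = len(secret) * uniform_bits_per_char(alphabet_size)
    if secret in wordlist:
        return min(brute, math.log2(len(wordlist)))
    return brute


# Constructed sample word list (assumption: stands in for a real dictionary).
WORDLIST = {"password", "letmein", "dragon", "monkey"}

if __name__ == "__main__":
    print("English prose, 1.2 bits/char:", chars_needed(1.2))
    print("Random letters, 26 symbols:  ",
          chars_needed(uniform_bits_per_char(26)))
    print("Printable ASCII, 95 symbols: ",
          chars_needed(uniform_bits_per_char(95)))
    # A listed word collapses to the size of the list; an unlisted
    # string is untouched by the dictionary but still brute-forceable.
    for secret in ("password", "xqzvkwpt"):
        bits = effective_bits(secret, 26, WORDLIST)
        print(f"{secret}: {bits:.1f} bits")
```

The unlisted eight-letter string is out of reach of the dictionary pass but still carries only about 37.6 bits against brute force, far below the 128-bit target.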