Thursday, March 14, 2013

guessing or securing a password

  • If it's a word found in a dictionary, it doesn't matter how unlikely it is. Nobody is going to try to guess it; they're just going to run the dictionary against the password until it hits the right word.
  • If it is not in the dictionary, it does not matter; it is simply a combination of different characters.
  • Therefore the ease with which a human can guess a word does not matter. The same mechanism can just test every possible combination of characters. Passwords are going to have to be replaced by a different method. They are becoming obsolete.
  • "Weak" is simply a calculation of the level of complexity, based on the number and variety of characters. Adding a capital letter doubles the complexity. A 5-letter password (if we exclude punctuation and special characters) is 36 times more difficult than a 4-letter one. "5" would be one of the first 36 passwords tested if single-character passwords were permitted.
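
The arithmetic in the points above, as an added example that is not part of the original post. It assumes a 36-symbol alphabet (lowercase letters and digits), a search that tries a wordlist first and then every combination shortest-first, and a small constructed wordlist; all function names are illustrative.

```python
import string

# Assumption: the 36 symbols the post implies (26 lowercase letters + 10 digits).
ALPHABET = string.ascii_lowercase + string.digits

# Constructed sample wordlist; a real audit would load a much larger one.
WORDLIST = ["password", "dragon", "monkey", "zymurgy"]


def keyspace(length, alphabet=ALPHABET):
    """Number of candidate strings of exactly `length` symbols."""
    return len(alphabet) ** length


def brute_force_rank(password, alphabet=ALPHABET):
    """1-based position of `password` when candidates are tried shortest
    first, then in alphabet order. None if a symbol is outside the alphabet."""
    index = {ch: i for i, ch in enumerate(alphabet)}
    if not password or any(ch not in index for ch in password):
        return None
    base = len(alphabet)
    # Every shorter candidate is tried before any of this length.
    shorter = sum(base ** n for n in range(1, len(password)))
    # Position among same-length candidates: read the password as a base-N number.
    offset = 0
    for ch in password:
        offset = offset * base + index[ch]
    return shorter + offset + 1


def guesses_needed(password, wordlist=WORDLIST, alphabet=ALPHABET):
    """Guesses until a dictionary-first, then exhaustive, search hits `password`."""
    if password in wordlist:
        # An obscure word costs no more than its position in the list.
        return wordlist.index(password) + 1, "dictionary"
    rank = brute_force_rank(password, alphabet)
    if rank is None:
        return None, "outside alphabet"
    return len(wordlist) + rank, "exhaustive"


if __name__ == "__main__":
    print("5 vs 4 characters:", keyspace(5) // keyspace(4), "times larger")
    for pw in ["zymurgy", "5", "q7x2k"]:
        print(pw, guesses_needed(pw))
```

The obscure dictionary word falls within the first handful of guesses, while the random five-character string sits tens of millions of candidates into the exhaustive phase.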

