Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Why use strong passwords?
Special Forums Cybersecurity Why use strong passwords? Post 302726991 by Neo on Monday 5th of November 2012 12:57:01 PM
Old 11-05-2012
Quote:
Originally Posted by Neo
According to this quick wikipedia article on password strength (FWIW):
Quote:
As of 2011, commercial products are available that claim the ability to test up to 2,800,000,000 passwords per second on a standard desktop computer using a high-end graphics processor.
Quote:
Originally Posted by jgt
Picking easy passwords allows the use of a "common password dictionary", however, even this method requires the testing be done on the target system, as not all systems use the same algorithm or seed.
A 'simple' password of 8 characters made up of only lowercase letters and digits allows 2821109907456 possibilities, which at 1000 possibilities per second still requires 32615 days to test.

Given these two quotes above, jgt's example goes from 32615 days to test to 0.0116 days to test, or a bit more than 15 minutes (around 17 minutes, I think if my math was right).

Edit: Confirmed 16.79 minutes using a high end desktop computer in 2011 per the wikipedia number in the reference
 

2 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Strong quotes and spaces

We ran into a problem because of a shop that uses Windows and UNIX. The file names that Windows uses have spaces in them. When they get moved to the unix system they still have spaces. This produces a problem in our script that moves them again from one unix system to another. I've made up a... (2 Replies)
Discussion started by: jimcampanella
2 Replies

2. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

LEARN ABOUT CENTOS

pwscore

PWSCORE(1)						      General Commands Manual							PWSCORE(1)

NAME

       pwscore - simple configurable tool for checking quality of a password

SYNOPSIS

       pwscore [user]

DESCRIPTION

       pwscore is a simple tool for checking quality of a password. The password is read from stdin.

       The  tool  uses the libpwquality library to perform configurable checks for minimum length, dictionary checking against cracklib dictionar-
       ies, and other checks.

       It either reports an error if the password fails any of the checks, or it prints out the password quality score as an integer value between
       0 and 100.

       The  password  quality  score is relative to the minlen setting in the configuration file. But in general values below 50 can be treated as
       moderate quality and above it fairly strong quality. Any password that passes the quality checks (especially the mandatory cracklib  check)
       should withstand dictionary attacks and scores above 50 with the default minlen setting even fast brute force attacks.

OPTIONS

       The first and only optional argument is the user name that is used to check the similarity of the password to the username.

FILES

       /etc/security/pwquality.conf - The configuration file for the libpwquality library.

RETURN CODES

       pwscore returns 0 on success, non zero on error.

SEE ALSO

       pwscore(1), pwquality.conf(5), pam_pwquality(8)

AUTHORS

       Tomas Mraz <tmraz@redhat.com>

Red Hat, Inc.							    10 Nov 2011 							PWSCORE(1)
All times are GMT -4. The time now is 08:40 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy