On Tuesday 28 December 2004 19:25, Hans de Goede <j.w.r.degoede@xxxxxx> wrote:
> > The program could try over 600 combinations a second on a 2-3yo Athlon
> > giving almost 5 digits tested per day if you only use lower-case and
> > digits. This means that a pass-phrase of 6 characters comprising
> > lower-case and digits could be reliably cracked in just over a month. 7
> > characters could be done in 3 years with an old Athlon or maybe some
> > reasonable amount of time in a dual-Opteron. 8 or more characters would
> > require a large network of machines.
> >
> > Let me know if you want a copy of my code, but be warned, it's really
> > ugly. Also it might be possible to optimise things and maybe double the
> > speed if you can figure out GPG memory management (I can't).
>
> 1) Thanks, but I finally remembered my password
> 2) This is worrisome, so a passphrase really should be 8 chars minimal?

Given that anyone can crack 6 characters, 7 characters could be cracked easily
by hardware that will be cheap in a few years, and 8 can be easily cracked with
a network of machines, I think that you need at least 10 characters for the
pass-phrase to be worth much.

--
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page