List: kde-devel
Subject: Re: IBM Applies for Password Manager Patent
From: Michael Pyne <pynm0001 () comcast ! net>
Date: 2003-11-15 5:20:24
On Thursday 13 November 2003 15:51, Jason Keirstead wrote:
> On November 13, 2003 5:38 pm, George Staikos wrote:
> > You think that kwallet is easier to brute force than /etc/shadow and
> > the 8 character unix passwords?
> How is he going to read /etc/shadow when he can't log in?
If he's brute forcing a password, he doesn't need /etc/shadow, he needs only
to try to log in until the system accepts him. Of course, a good system would
block his IP and inform an admin after a few failed attempts, but the point
is that he really doesn't NEED /etc/shadow for a brute-force attack. A
simple dictionary attack will suffice, and is likely to finish about a
trillion years or so before brute forcing Blowfish. :)

The difference is in the sample space of the keys. Assuming 256-bit Blowfish,
there will be around 2^256 different keys available to choose from, which
means, on average, 2^255 attempts using brute force. It may even be possible
to reduce that to 2^254, but I think even that is many orders of magnitude
greater than the number of different passwords which can be stored in
/etc/shadow.
- Michael Pyne