"Cheap GPUs are rendering strong passwords useless" http://tinyurl.com/3t63ojq
Gus Wirth
gwirth79 at gmail.com
Mon Jun 6 16:54:51 PDT 2011
On 06/06/2011 03:36 PM, Andrew Lentvorski wrote:
> On 6/6/11 2:18 PM, Tony Su wrote:
>
>> <That's> why practically no password no matter how complex or long
>> isn't safe against brute force cracking using GPU power.
>
> I don't buy that assertion.
>
> A properly designed password scheme is exponential complexity with the
> number of bits.
>
> RC5-72 is still uncracked. That's only 9 bytes.
>
> If that's a password, it's about 15-18 characters (IIRC, each character
> in a password is 4-5 bits of useful entropy).
>
>
> However, the problem is that strong passwords are now *way* past the
> limit of human memory (magic number 5 +/- 2).

I disagree. Even strong passwords are well within the limits of human
memory when approached with a different view from straight memorization.
The key is to use mnemonics to help in the memorization. We actually
used to use it a lot more in the past than we do now. Take for instance
phone numbers, e.g. PEnnsylvania 6-5000, or the color codes for
electrical resistors.

If the password is broken up into small segments and associated with a
mnemonic for each segment then I believe most anybody could remember a
fairly long random password.

But I also like the password card idea presented by jhriv.

Gus
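
Added example, not part of the original message or thread: a sketch of the arithmetic discussed above (72 bits at 4-5 bits per character is 15-18 characters, and search cost doubles with every bit), together with the segmenting idea. The alphabets, the 4-character segment length and the guess rate are assumptions chosen for illustration.

```python
import math
import secrets

# Assumed alphabets (not from the thread): 32 symbols = 5 bits per random
# character, 16 symbols = 4 bits per random character.
ALPHABET_32 = "abcdefghijkmnpqrstuvwxyz23456789"  # no l, o, 0, 1
ALPHABET_16 = "0123456789abcdef"


def chars_needed(target_bits, alphabet_size):
    """Characters required so a uniformly random password reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_segments(target_bits=72, alphabet=ALPHABET_32, segment_len=4):
    """Draw a random password from the OS CSPRNG and split it into short
    chunks, each small enough to attach its own mnemonic to."""
    n = chars_needed(target_bits, len(alphabet))
    password = "".join(secrets.choice(alphabet) for _ in range(n))
    return [password[i:i + segment_len] for i in range(0, n, segment_len)]


def years_to_exhaust(bits, guesses_per_second):
    """Time to try every value of a `bits`-bit secret at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    print("72 bits at 5 bits/char:", chars_needed(72, 32), "characters")
    print("72 bits at 4 bits/char:", chars_needed(72, 16), "characters")
    print("segments:", " ".join(generate_segments()))
    rate = 1e10  # constructed guess rate, for illustration only
    for bits in (40, 56, 72):
        print(bits, "bits:", f"{years_to_exhaust(bits, rate):.3g}", "years")
```

The per-character figures hold only when every character is drawn uniformly at random; a password a person invents carries less entropy per character than the alphabet size suggests.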