MySpace

James Paige's Blog @ Myspace http://HamsterRepublic.com/james/

James Paige



Last Updated: 6/10/2009


Gender: Male
Status: In a Relationship
Age: 31
City: San Pedro
State: California
Country: US
Signup Date: 4/2/2005



Wednesday, June 13, 2007 

Current mood: Mathy
Category: Web, HTML, Tech
I have often heard it said by computer security type people that using real words in a password is a terrible idea, and that all passwords should be made of random letters, numbers and punctuation.

So here is your math puzzle for the day. Estimate which of the following is a better password:

(1) 8 random characters that may include lowercase letters, uppercase letters, numbers and any punctuation found on a generic keyboard.

example: (mR{Yu_g


(2) 3 random words from the English language. They have to actually be random, and not just three words that you picked from your imagination.

example: dotard mane skycap


Be sure to show your work.
Sex Club Reject

 
Let's see, three digits of base 170000 (approximate words currently used in the English language):
170000 ^ 3 = 4,913,000,000,000,000 Possible combinations

or 8 digits of base 94:
94 ^ 8 = 6,095,689,385,410,816 Possible combinations

So I guess the answer would be 8 random characters. But I think if I added antiquated words and proper nouns that might change.
 
Posted by Sex Club Reject on Thursday, June 14, 2007 - 12:50 AM
James Paige

 
The size of your dictionary makes a huge difference. I was working with the Oxford English Dictionary approximation of 500,000 words. And if you allow technical and scientific terms, it is nearly 1,000,000.

For bonus points, if we make the assumption that your dictionary has 500,000 words and everything is going to be forced to lowercase, approximately what are the chances that your random selection of three words would result in something that is short enough that your password would be weaker to a brute force 26 ^ LEN attack than the 8-digit random password?
 
Posted by James Paige on Thursday, June 14, 2007 - 2:16 AM
Lazzaro the Vicious

 
Hands down, the first one. Using a brute force hacking method, given the fact that your first example has symbols in it (parenthesis), I would need to anticipate that and more than likely tell my hacking tool to use every ASCII character possible.

The second one I could crack using an alphanumeric (plus space) brute force, or a dictionary attack (assuming that I'm using an extraordinarily large list of words).

Yes, I am aware that I'm a few months late. ;P
 
Posted by Lazzaro the Vicious on Thursday, September 13, 2007 - 8:18 PM
James Paige

 
If I used a dictionary of 500000 words (and I did) then your brute-force dictionary attack on the second password would take longer than a brute force ASCII attack on the first password.
 
Posted by James Paige on Thursday, September 13, 2007 - 8:24 PM
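The comparison argued in this thread, worked through as an added example (not code from the post or any commenter): it checks which dictionary sizes make three random words outnumber 94 ^ 8, and computes the bonus question's chance that three words are short enough for a 26 ^ LEN brute force to be cheaper. The function names and the sample word list are constructed for illustration, and words are assumed to be joined without separators.

```python
from collections import Counter
from fractions import Fraction

TARGET = 94 ** 8  # keyspace of option (1): 8 characters drawn from 94 symbols

def dictionary_beats_random(dict_size, picks=3):
    """True if `picks` uniformly random words outnumber the 94**8 keyspace."""
    return dict_size ** picks > TARGET

def min_dictionary_size(picks=3):
    """Smallest dictionary for which `picks` random words exceed 94**8."""
    n = int(TARGET ** (1.0 / picks))
    while (n - 1) ** picks > TARGET:   # correct any float overshoot
        n -= 1
    while n ** picks <= TARGET:
        n += 1
    return n

def max_weak_letters(alphabet=26):
    """Largest LEN for which alphabet**LEN is still below 94**8."""
    length = 0
    while alphabet ** (length + 1) < TARGET:
        length += 1
    return length

def weak_fraction(words, picks=3, alphabet=26):
    """Exact chance that `picks` words, drawn uniformly with replacement and
    joined without separators (an assumption), have so few letters that
    alphabet**LEN < 94**8."""
    limit = max_weak_letters(alphabet)
    lengths = Counter(len(w) for w in words)
    ways = {0: 1}                      # total letters so far -> ordered picks
    for _ in range(picks):
        nxt = Counter()
        for acc, count in ways.items():
            for wlen, n in lengths.items():
                if acc + wlen <= limit:   # longer totals can never qualify
                    nxt[acc + wlen] += count * n
        ways = nxt
    return Fraction(sum(ways.values()), len(words) ** picks)

# Constructed sample list; substitute a real dictionary file for a real estimate.
SAMPLE_WORDS = ["dotard", "mane", "skycap", "a", "of", "cat", "password", "dictionary"]

if __name__ == "__main__":
    print("170,000 words:", dictionary_beats_random(170_000))
    print("500,000 words:", dictionary_beats_random(500_000))
    print("break-even dictionary size:", min_dictionary_size())
    print("weak at or below", max_weak_letters(), "letters:", weak_fraction(SAMPLE_WORDS))
```

Passing the lines of a real word list to `weak_fraction` gives the figure for that dictionary; the result depends entirely on its word-length distribution.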