|
Message-ID: <CAJ9ii1FjqF4e0jUcEi01EnX76gb9ZBOxPBDTPAa9xQSrsHmw+A@mail.gmail.com> Date: Fri, 3 Aug 2012 15:54:23 -0400 From: Matt Weir <cweir@...edu> To: john-users@...ts.openwall.com Subject: Re: any plans to support superlong passwords? It's my understanding that Korelogic's focus on passphrases was to spur the development of passphrase cracking tools/techniques. Aka passphrases may not be common, but it's nice to have tools that can target them. If we had good passphrase cracking tools right now, the number of passphrases in the challenge wouldn't have been a problem ;p For example, one outcome of this contest might be that atom modifies oclhashcat so it can target passwords longer than 15 characters ;p Matt On Fri, Aug 3, 2012 at 2:57 PM, Brad Tilley <brad@...ystems.com> wrote: > Hi Stephen, > > <snip> > >> which basically points an average of 8-9 characters (again 1.1 million > could all be greater than 16 characters and I don't know it yet... give > me 2 years and I can give a better estimate). >> >> Looking though at the plain text ones (eg rockyou and the various other > plaintext ones..) 8 is the average size of passwords there. Usually in > the form of the same ones we have been finding for the last 20 years. > > > I agree. Humans being humans, we don't tend to use long passwords unless > we are forced to do so. All of the studies I've seen and research I've > done point to between 6 to 9 characters as being the average password > length on most systems. > > Sure, there are longer passwords (no one disputes that), 'Password123456!' > for example, but 21 to 22 characters as an average? That's simply not a > realistic average anywhere on this planet. Perhaps it is for high-security > military systems and as we've all seen it certainly is for contrived > passwords in the KL contest, but not for a real passwords on real sites > intended to be consumed by the masses. It just isn't so. > > I assume KL devised such an unrealistic average length as an attempt to > hinder the GPU teams and rainbow table attacks. It didn’t seem to work. > > Brad > > > > > > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.