The Tuesday 2008-05-20 at 19:26 -0400, Washington Irving wrote:
> The idea is that the number of passwords which need to be tried to guarantee success in a brute force attack is:
>
> CharacterSetSize ** PasswordLength
>
> By forcing the user to expand beyond 26 lowercase letters, to include upper case, numerals, and punctuation characters, the character set size expands from 26 to 94.

So, change to hexadecimal passwords, made with a random generator. Char set size = 255 :-P

More seriously, though, for some time I had to enter a login password composed from some digits taken from a little gadget that displayed a PIN number that changed every minute (and different for every employee), and a remembered PIN: the combo is not guessable nor breakable by brute force. They need to steal the gadget and force the PIN out of the user.

However, if you force users to create very difficult passwords, they will have to write them up, and that's a worse liability than relatively weak passwords.

-- 
Cheers,
Carlos E. R.