On Nov 15, 2009, at 10:40 AM, Kurt Granroth wrote:
> I feel pretty safe with a protocol that would require long than the
> age
> of the universe to crack! I would NOT consider that broken :-)
I think this is a pretty sane approach to things. You have to think
about likely vs. unlikely, not possible vs. impossible.
The fact that any password can be guessed eventually isn't the point.
You just have to make it inconvenient enough for an attacker that they
give up and go somewhere else. Obviously that calculus is different
when the payoff for your cracking efforts is 'taking down a power
grid' or 'launching a missile', instead of 'free wireless access'. To
me, if its likely to take a cracker multiple years of concerted effort
to break my wireless network, that's plenty for me.
Kurt : Is that "28 trillion hours" figure you cited the estimated time
to try *all* 12 character passwords? If so, I think that's not the
right metric. The search for a password stops once you've found the
correct one, and you'd only try them all if the correct password is
the very last one you tried. It'd be helpful to know something like
"I'm able to attempt 95% of all 12 character passwords after 28
trillion hours". If the password is truly a random string of junk,
it's perfectly possible (just phenomenally unlikely) that you'll guess
it on the 1st try.
Thanks for an interesting discussion.
alex
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss 
(text/plain)
