A better way to think about passwords

[Carsten Aulbert]

Hi

On Monday 18 April 2011 00:58:13 Robert J. Hansen wrote:
> 
> His math doesn't work.  I call shenanigans on the entire thing.

I'd like to add a F-ACK to that statement, out of curiosity I tried cracking 
"J4fS<2" with CUDA multiforcer and it took less than 15 minutes on a single 
GF200 class card (the program tells me that it did about 490 million MD5 
hashes per second)...

With that I'd estimate everything below 9 or 10 characters based on a random 
combination of these characters should be considered broken or very likely to 
be broken: 
 !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}~

I'm currently running the "quick brown fox" using a dictionary "attack" (also 
salted MD5 based), but that is usually only successful, if the correct 
combination rules are being considered...

Just my inflationary €0.023

Cheers

Carsten