PerlMonks
You can do the maths easy enough. Say you have a dictionary of 10**5 words and use dict_word[0..9] as the pattern you get 10**5*10 == 10**6 == not enough permutations that should be memorable. If you use dict_word[0..9]dict_word instead you then get a respectable 10**11 or 100 billion permutations which is the same complexity as what was presented.

The rationale for \w{4}\d\w{5} was to make two reasonably easy to remember strings separated by an easy to remember digit. By adding [-_.] to the mix you only up the permutations to 106 billion (81*10**9*13/10) from 81 == small change. If you add the digit in position 5 or 6 randomly you up the permutations from 82 to 164 billion which is still a relatively small change. Using diphthongs instead of single consonants still only adds ((consonants+diphthongs)/consonants)**5 units of complexity.

Extra length is a good way to increase complexity as each extra alphanumeric adds roughly one order of magnitude of complexity. Exactly one order of magnitude for digits, a little more for alphabetics where the set > 10.

By far the best protection from brute forcing is to protect the pwd database with as little as a 1 second retry timeout as 82*10**9 seconds is roughly 2100 years so your attacker should be dead long before they crack a pwd. Like all security it is simply a matter of how high you want to raise the bar, the idea being for it not to be worth the time expended for the result obtained.

cheers

tachyon

s&&rsenoyhcatreve&&&s&n.+t&"$'$`$\"$\&"&ee&&y&srve&&d&&print

In reply to Re: Re: Random string generator
by tachyon
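
An added example, not part of the original post: it works out the two dictionary-based keyspaces from the post and shows what a 1 second retry timeout does to the worst-case time to try every candidate. The function names, the account name and the unthrottled rate of 10**9 guesses per second are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Number of candidates for a pattern, given the alphabet size at each position.
sub keyspace { my $n = 1; $n *= $_ for @_; return $n }

# Worst-case seconds to try every candidate at $rate guesses per second.
sub seconds_to_exhaust { my ($space, $rate) = @_; return $space / $rate }

# Human-readable duration.
sub pretty {
    my ($s) = @_;
    return sprintf('%.1f years', $s / 31_557_600) if $s >= 31_557_600;
    return sprintf('%.1f days',  $s / 86_400)     if $s >= 86_400;
    return sprintf('%g seconds', $s);
}

# Retry timeout: a guess is checked only if at least $MIN_GAP seconds have
# passed since the last guess that was checked for the same account.
my $MIN_GAP = 1;
my %last_checked;
sub attempt_allowed {
    my ($account, $now) = @_;
    my $prev = $last_checked{$account};
    return 0 if defined $prev && $now - $prev < $MIN_GAP;
    $last_checked{$account} = $now;
    return 1;
}

my $WORDS = 10**5;                       # dictionary size used in the post
my %scheme = (
    'dict_word[0..9]'          => keyspace($WORDS, 10),
    'dict_word[0..9]dict_word' => keyspace($WORDS, 10, $WORDS),
);
my $OFFLINE_RATE = 10**9;                # assumed unthrottled guesses/second

for my $name (sort keys %scheme) {
    my $n = $scheme{$name};
    printf "%-26s %.0e candidates: throttled %s, unthrottled %s\n", $name, $n,
        pretty(seconds_to_exhaust($n, 1 / $MIN_GAP)),
        pretty(seconds_to_exhaust($n, $OFFLINE_RATE));
}

# Constructed traffic: 1000 guesses against one account, 100 per second.
my $checked = grep { attempt_allowed('alice', $_ / 100) } 0 .. 999;
print "guesses checked in 10 seconds of hammering: $checked\n";
```

The timer is advanced only by guesses that were actually checked, so refused attempts cannot be used to keep an account's legitimate owner locked out indefinitely.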