RE: Length vs Complexity

[ron () hotmail com]

Sure dictionary words are subject to cracking "shortcuts" via dictionary attacks, but random letters of equivalent 
length would be harder to crack.

http://www.lockdown.co.uk/?pg=combi&s=articles - Password Recovery Speeds. This page has a set of tables comparing 
length and complexity with estimated cracking time. Granted, it is an old article, 2006, but the relative values should 
still hold for single processors. 

Of course, now we also have to consider with massively parallel processing.  Botnets that can break the problem down 
into smaller individual chunks. And use of graphics cards for parallel processing in single processors, ie 
http://www.net-security.org/secworld.php?id=6616 - Cracking one billion passwords per second with NVIDIA video cards.

http://lastbit.com/pswcalc.asp - Password brute force hack calculator

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------