Educause Security Discussion mailing list archives

Re: Password cracking benchmarks


From: Kevin Shalla <kshalla () UIC EDU>
Date: Fri, 11 Nov 2005 16:57:32 -0600

Don't dictionary and brute force attacks rely on having access to the
password file?  Aren't password files protected from theft?  Aren't
login sessions encrypted between PC and server?  Are we talking about
hacking by system administrators?  If it's just trying passwords,
don't lockout strategies keep them out?

At 10:15 PM 11/10/2005, Alan Amesbury wrote:
OK, folks, bad news:  This is a looong posting.  This topic comes up in
discussion locally between academic units all the time, and I see we're
skirting around it on EDUCAUSE.  However, the last time I looked at this
in detail was several years ago, and on/with much slower systems.  Call
this the semi-decade update.  The good news is the math is pretty
straightforward.  My apologies if this seems overly basic to you; I just
want to make sure everyone has all the information.......
