|
|
|
| Authored by: Anonymous on Wednesday, August 22 2012 @ 06:52 AM EDT |
I haven't done the math, but I think you would have to be
phenomenally unlucky for your complex long password to have
a hash collision with a dictionary word...
Simply put, there are vastly more combinations of complex
(caps, lower, numbers and symbols, or non dictionary word)
passwords available than there are dictionary words - which
is one of the reasons to use a long complex passphrase.
Collisions do exist, so it's technically possible, but then
it's technically possible to guess a 128 / 256bit secret key
without even bothering to attack the password.
I think it's currently very challenging to find *any*
collisions in SHA1, so it seems wildly unlikely to start
with an arbitrary "random" passcode and find a collision
with the (vastly reduced set of) short obvious dictionary
words.
I'm not sure I'll be losing much sleep on that idea, but
then I'm not James Bond. Mileage may vary.
[ Reply to This | Parent | # ]
|
| |
| Authored by: scav on Wednesday, August 22 2012 @ 08:54 AM EDT |
A SHA1 hash is 160 bits long. So at a first approximation,
the chance of your password hashing to the same as "password"
is one in 2^160. You can worry about odds like that if you
want ;)
Also, the hash should be of your password and a randomly
chosen per-user salt value, so that two people with the same
password will still have different hashes. There's no
computationally-feasible way to attack a list of such salted
hashes even if you know the salt and hash for each one.
---
The emperor, undaunted by overwhelming evidence that he had no clothes,
redoubled his siege of Antarctica to extort tribute from the penguins.[ Reply to This | Parent | # ]
|
|
|
|
|
