Date: Wed, 23 Jul 2003 03:50:22 -0700
From: "David S. Miller" <davem@redhat.com>
To: Herbert Xu <herbert@gondor.apana.org.au>
Cc: a.marsman@aYniK.com, alan@lxorguk.ukuu.org.uk,
       linux-kernel@vger.kernel.org
Subject: Re: 2.4.22-pre7: are security issues solved?
Message-Id: <20030723035022.23a75bc5.davem@redhat.com>
In-Reply-To: <20030723104753.GA2479@gondor.apana.org.au>
References: <Pine.LNX.4.44.0307212234390.3580-100000@localhost.localdomain>
	<E19fGMZ-0000Zm-00@gondolin.me.apana.org.au>
	<20030723033505.145db6b8.davem@redhat.com>
	<20030723104753.GA2479@gondor.apana.org.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 984
Lines: 24

On Wed, 23 Jul 2003 20:47:53 +1000
Herbert Xu <herbert@gondor.apana.org.au> wrote:

> On Wed, Jul 23, 2003 at 03:35:05AM -0700, David S. Miller wrote:
> > If I know your password is 7 characters I have a smaller
> > space of passwords to search to just brute-force it.
> 
> It's much smaller if you didn't know that it was at most 7 characters
> long.  However, if you did know the upper bound, or you were just
> brute forcing all passwords starting from 1 character, then the
> difference is relatively minor.  This is because
> 
> n + n^2 + n^3 + n^4 + n^5 + n^6
> 
> is much smaller than n^7 where n is something like 62 for a reasonable
> password.

"7" in my example is an arbitrary number, increase it to any larger
number you like.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/