I've often wondered about the differences in passwords -- all lower case, mixed case, lower case and numerics, mixed case and numerics, all the previous and with special characters, just special characters, etc.
The thing is, they are all coming from a pool of 256 bytes. The alphanumerics between 0 and 127, and the higher set from 128 to 256. Does it really matter which combination of ANY of those characters (0-256) is used? In my mind, only one thing makes any difference -- length of the password. Some apps and sites limit the length of the password, or truncate it to some fixed upper number, so even the length of the password is defeated.
My passwords are phrases of three or four words, sometimes with numbers or punctuation, averaging 16 characters. Always longer, but easy to remember. I read that even 4096-bit RSA keys have been cracked using a "side channel attack". Besides the acoustic attack on the 4096-bit key, the 1024-bit RSA key was cracked in 2010. My PGP keys are either 2048 or 4096.
However, considering the resources behind the NSA, including $80M targeted to build a quantum computer that could crack most if not all keys, one wonders if they have that already.
Google has purchased a D-Wave Systems quantum computer, so I am not sure why NSA is trying to build one, and suspect that their announcement is merely a smoke screen.