<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<font face="DejaVu Sans Mono">Not intended to be definitive; just a
heads-up that we need to get have sufficient entropy --- whatever
that may be.<br>
<br>
Have you read the Wired article on what the NSA is building in
Utah?<br>
</font><br>
On 04/08/2012 05:13 PM, Shawn Willden wrote:
<blockquote
cite="mid:CABmbAp3cB6rOPEQieiJGNaXhxdo_to5D51-wN4zD0x25UvjpUA@mail.gmail.com"
type="cite">I find that strip rather disappointing (even after
correcting the URL so it works). Munroe usually does his homework
better than that. 44 bits of entropy really isn't very much these
days, and his estimate of 550 years to guess assumes a 1000
passwords per second testing rate, which is at least three orders
of magnitude too low -- for a single CPU. Throw a thousand CPUs
at it (not terribly difficult or expensive using Amazon or
similar) and you can easily exceed a billion tests per second for
many common password hashing algorithms.</blockquote>
</body>
</html>