Yeah, but if you read the article you notice that the
set of characters is limited (no difference between upper
and lower case), and the 14 chars are split into two sets
of 7 chars before encrypting - both halves can be attacked
separatedly.
This means that the key space of the domain tried is about
0.03% than that of Unix passwords, if we restrict ourselves
to alphanumerical passwords, like the article does. The
precalculated data used in the article fits on 2 CDs. Assuming
it scales lineary, for an attack on alphanumerical Unix
passwords, you'd need about 12 million CDs (the keyspace is
3000 times as large, and there are 4096 seeds).
The orginal poster asked about 16 character passwords, including
"special" characters. If we assume the special characters
are all printable ASCII characters that aren't letters or
digits, we have a key space of 95**16. Compare this to the
keysize of 36**7 of the article, the former is a tad more.
If we scale the 2 CDs of the article to the problem of the
OP, we'd need more than 10**21 CDs. And that's assuming
you need the same amount of bytes to store a password,
or crypted password, which seems unlikely.
If the OP has a billion computers, each of them capable
of checking 2**32 (4G) keys per second, it would take the
OP almost 325 thousand years to exhaust the key space.
Abigail | [reply] |