Password Strength - Bit Strength Threshold

Bit Strength Threshold

As a practical matter, passwords must be both reasonable and functional for the end user as well as strong enough for the intended purpose. Passwords that are too difficult to remember may be forgotten and so are more likely to be written on paper, which some consider a security risk. In contrast, others argue that forcing users to remember passwords without assistance can only accommodate weak passwords, and thus poses a greater security risk. According to Bruce Schneier, most people are good at securing their wallets or purses, and a wallet or purse is a "great place" to store a written password.

Some basic benchmarks have been established for brute-force searches in the context of attempting to find keys used in encryption. The problem is not the same, since these approaches involve astronomical numbers of trials, but the results are suggestive for password choice. In 1999, an Electronic Frontier Foundation project broke 56-bit DES encryption in less than a day using specially designed hardware. In 2002, distributed.net cracked a 64-bit key in 4 years, 9 months, and 23 days. As of October 12, 2011, distributed.net estimates that cracking a 72-bit key using current hardware will take about 45,579 days or 124.8 years. Due to currently understood limitations from fundamental physics, there is no expectation that any digital computer (or combination of computers) will be capable of breaking 256-bit encryption via a brute-force attack. Whether or not quantum computers will be able to do so in practice is still unknown, though theoretical analysis suggests such possibilities.

As a result, there can be no exact answer to the somewhat different problem of the password strength required to resist a brute-force attack in practice. NIST recommends 80 bits for the most secure passwords, which can nearly be achieved with a 12-character random password drawn from a 95-character set (e.g., the original ASCII character set): 12 × 6.5 bits = 78 bits. A 2010 Georgia Tech Research Institute study also recommended a 12-character random password, but as a minimum length requirement.
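The arithmetic above, worked as an added example (not part of the original article): it computes the entropy of a uniformly random password, the shortest length that reaches a bit threshold, and how long exhausting that space would take at the key-search rate implied by the distributed.net 72-bit estimate. Function names are hypothetical, and using a key-search rate as a yardstick for password guessing is an assumption, since the article notes the two problems are not the same.

```python
import math
import secrets
import string

# The 95 printable ASCII characters: 52 letters, 10 digits, 32 punctuation, space.
PRINTABLE_ASCII = string.ascii_letters + string.digits + string.punctuation + " "

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def min_length(target_bits: float, alphabet_size: int) -> int:
    """Shortest random password that meets or exceeds target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))

def implied_rate(key_bits: int, days: float) -> float:
    """Guesses per second implied by exhausting a 2**key_bits space in `days`."""
    return 2 ** key_bits / (days * 86400)

def exhaust_years(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate in a 2**bits space at the given rate."""
    return 2 ** bits / guesses_per_second / (86400 * 365.25)

def generate(target_bits: float, alphabet: str = PRINTABLE_ASCII) -> str:
    """Random password from a CSPRNG, long enough to meet target_bits."""
    n = min_length(target_bits, len(alphabet))
    return "".join(secrets.choice(alphabet) for _ in range(n))

if __name__ == "__main__":
    # Yardstick from the article: a 72-bit key space in about 45,579 days.
    rate = implied_rate(72, 45579)
    print(f"implied rate: {rate:.3e} guesses/s")

    bits_12 = entropy_bits(len(PRINTABLE_ASCII), 12)
    print(f"12 chars from 95: {bits_12:.2f} bits, "
          f"{exhaust_years(bits_12, rate):,.0f} years to exhaust at that rate")

    # Length needed to actually reach the 80-bit threshold, per alphabet.
    for name, size in [("printable ASCII", 95), ("lowercase", 26), ("digits", 10)]:
        print(f"{name:>15}: {min_length(80, size)} characters for 80 bits")

    print("sample 80-bit password:", repr(generate(80)))
```

The entropy figure only holds when every character is drawn uniformly at random, as `generate` does; a human-chosen 12-character password does not carry 78 bits.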
