Date: Fri, 3 Aug 2012 14:57:36 -0400 (EDT) From: "Brad Tilley" <brad@...ystems.com> To: john-users@...ts.openwall.com Subject: Re: any plans to support superlong passwords? Hi Stephen, <snip> > which basically points an average of 8-9 characters (again 1.1 million could all be greater than 16 characters and I don't know it yet... give me 2 years and I can give a better estimate). > > Looking though at the plain text ones (eg rockyou and the various other plaintext ones..) 8 is the average size of passwords there. Usually in the form of the same ones we have been finding for the last 20 years. I agree. Humans being humans, we don't tend to use long passwords unless we are forced to do so. All of the studies I've seen and research I've done point to between 6 to 9 characters as being the average password length on most systems. Sure, there are longer passwords (no one disputes that), 'Password123456!' for example, but 21 to 22 characters as an average? That's simply not a realistic average anywhere on this planet. Perhaps it is for high-security military systems and as we've all seen it certainly is for contrived passwords in the KL contest, but not for a real passwords on real sites intended to be consumed by the masses. It just isn't so. I assume KL devised such an unrealistic average length as an attempt to hinder the GPU teams and rainbow table attacks. It didnt seem to work. Brad
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.