Re: 2.4.22-pre7: are security issues solved?

From: Herbert Xu (
Date: Wed Jul 23 2003 - 05:47:53 EST

On Wed, Jul 23, 2003 at 03:35:05AM -0700, David S. Miller wrote:
> If I know your password is 7 characters I have a smaller
> space of passwords to search to just brute-force it.

It's much smaller if you didn't know that it was at most 7 characters
long. However, if you did know the upper bound, or you were just
brute forcing all passwords starting from 1 character, then the
difference is relatively minor. This is because

n + n^2 + n^3 + n^4 + n^5 + n^6

is much smaller than n^7 where n is something like 62 for a reasonable

So if your password was broken using this method, then it's probably
too short anyway.

Debian GNU/Linux 3.0 is out! ( )
Email:  Herbert Xu ~{PmV>HI~} <>
Home Page:
PGP Key:
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Wed Jul 23 2003 - 22:00:48 EST