Re: [dev] [PATCH] [ubase] Simplify login
Heyho,
FRIGN wrote:
> In which way is a /etc/passwd with hundreds of users less secure than a
> smaller one? Do many hashes in one place magically reduce the overall
> security?
Not precisely. But if you have a large number of users, the probability that one
of them chose a weak common password is higher than for a small set of users.
Say you want to check your u users against the n most common passwords. Let p be
the probability for a user choosing one of the n passwords. Then you have at
least one user with a weak password with a probability of:
1 - (1-p)^u
So with u growing linearly, you have linearly more work to check all users
against the n passwords (assume a unique salt value per user), but exponentially
growing probability of finding a match.
So for systems with large user counts it is easier to find a user with a weak
password, but it does not influence your user account at all if you use a strong
(strong = password is not one of the n most common ones) password.
--Markus
Received on Wed Jun 04 2014 - 17:46:40 CEST
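
The estimate from the message above, as an added Python example that is not part of the original post: it evaluates 1 - (1-p)^u next to the u*n hashing work of auditing uniquely salted hashes, and checks the closed form against a seeded simulation. The value p = 0.01, the list size n = 1000 and all function names are assumptions chosen for illustration.

```python
import math
import random

def p_any_weak(u, p):
    """Probability that at least one of u users chose a listed password."""
    return 1.0 - (1.0 - p) ** u

def audit_work(u, n):
    """Hash computations needed to test n candidates against u users.
    With a unique salt per user nothing can be shared, so it is u * n."""
    return u * n

def min_users_for(target, p):
    """Smallest u for which 1 - (1-p)^u reaches the target probability."""
    u = max(1, math.ceil(math.log(1.0 - target) / math.log(1.0 - p)))
    # Correct for floating-point rounding at the boundary.
    while p_any_weak(u, p) < target:
        u += 1
    while u > 1 and p_any_weak(u - 1, p) >= target:
        u -= 1
    return u

def simulate(u, p, trials=20000, seed=1):
    """Monte Carlo check: fraction of trials with at least one weak user."""
    rng = random.Random(seed)
    hits = sum(
        any(rng.random() < p for _ in range(u)) for _ in range(trials)
    )
    return hits / trials

if __name__ == "__main__":
    P, N = 0.01, 1000  # constructed sample values, not measurements
    print(f"{'users':>6} {'hashes':>9} {'P(>=1 weak)':>12}")
    for u in (1, 10, 50, 100, 500, 1000):
        print(f"{u:>6} {audit_work(u, N):>9} {p_any_weak(u, P):>12.4f}")
    print("users needed for 50%:", min_users_for(0.5, P))
    print("simulated, u=50:", simulate(50, P))
```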