[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?
Stephen M. Butler
kg7je at arrl.net
Thu Sep 12 13:57:34 EDT 2024
On 9/11/24 23:03, Chris Green wrote:
> No, it's impossible to get back to the password from the 'scrambled'
> string. The **only** way to validate your password is to encrypt the
> password you enter and then compare the result with the 'scrambled'
> string.
>
> In particular the only way to discover a password is to 'brute force'
> it by trying zillions of possible passwords until one, when encrypted,
> produces the required 'scrambled' string.
Well, in a fashion. Given the size of disk drives all one needs to do is pre-compute all possible scrambles of strings up to a certain size. I think the current estimate is that this has been done for all strings up to (maybe including) 8 characters long.
Then all you do is look up the scrambled value and see what string (or in some cases, set of strings) pre-computes to that value.
Which is why most sites now want a password of at least 8 characters.
> More relevant to the original question is that it's even more
> difficult to break encryption like the above when the 'password' that
> you're trying to obtain is actually a large chunk of text. Even if
> you happen to know it's (say) 1000 characters long brute forcing it is
> quite impossible.
The current number of printable characters is 95 per position. So all
possible 8 character strings is 95^8 -- about 6 PB.
Not trivial but much better than brute forcing. Which is why my minimum
password length is way longer than that!
Recently ran into a bank that had a max length much shorter than my
personal limit. They are no longer in business -- I doubt my
complaint had much to do with their merger!
BTW, who remembers a 1000 character password anyway! I know, use a
password manager -- but then you have to trust that it is secure.
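The following is an added illustration of the exchange above, not code from either poster. It shows hash-and-compare validation, a pre-computed lookup table over a tiny constructed alphabet, and how the number of candidate strings grows with length. It goes one step beyond the message by showing that a per-account salt makes an unsalted table useless. SHA-256 and all function names are assumptions chosen for the example.

```python
import hashlib
import hmac
import itertools

# Assumption: SHA-256 stands in for the unnamed "scramble" function in the thread.
def scramble(password: str, salt: bytes = b"") -> str:
    return hashlib.sha256(salt + password.encode("utf-8")).hexdigest()

def verify(candidate: str, stored: str, salt: bytes = b"") -> bool:
    # Validation as described: scramble the entry and compare with the stored string.
    return hmac.compare_digest(scramble(candidate, salt), stored)

def build_table(alphabet: str, max_len: int) -> dict:
    # Pre-compute the unsalted scramble of every string up to max_len characters.
    table = {}
    for n in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=n):
            pw = "".join(chars)
            table[scramble(pw)] = pw
    return table

def keyspace(length: int, symbols: int = 95) -> int:
    # Number of strings of exactly `length` characters from `symbols` printable characters.
    return symbols ** length

# Constructed sample data: a 3-letter alphabet keeps the table tiny.
TABLE = build_table("abc", 3)
SALT = bytes(range(16))          # constructed; a real salt is random per account
UNSALTED = scramble("cab")
SALTED = scramble("cab", SALT)

if __name__ == "__main__":
    print("table entries:", len(TABLE))
    print("unsalted lookup:", TABLE.get(UNSALTED))
    print("salted lookup:", TABLE.get(SALTED))
    print("salted verify:", verify("cab", SALTED, SALT))
    for n in (8, 12, 16):
        print(n, "chars:", f"{keyspace(n):.2e}", "strings")
```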
More information about the gnucash-user mailing list