[GNC] Recommendations for hosting gnucash file - Google Drive, Microsoft 365, Local server?

Stephen M. Butler kg7je at arrl.net
Thu Sep 12 13:57:34 EDT 2024


On 9/11/24 23:03, Chris Green wrote:
> No, it's impossible to get back to the password from the 'scrambled'
> string.  The **only** way to validate your password is to encrypt the
> password you enter and then compare the result with the 'scrambled'
> string.
>
> In particular the only way to discover a password is to 'brute force'
> it by trying zillions of possible passwords until one, when encrypted,
> produces the required 'scrambled' string.
Well, in a fashion.  Given the size of disk drives all one needs to do
is pre-compute all possible scrambles of strings up to a certain size.
I think the current estimate is that this has been done for all strings
up to (maybe including) 8 characters long.

Then all you do is look up the scrambled value and see what string (or
in some cases, set of strings) pre-computes to that value.

Which is why most sites now want a password of at least 8 characters.

> More relevant to the original question is that it's even more
> difficult to break encryption like the above when the 'password' that
> you're trying to obtain is actually a large chunk of text.  Even if
> you happen to know it's (say) 1000 characters long brute forcing it is
> quite impossible.

The current number of printable characters is 95 per position.  So all
possible 8 character strings is 95^8 -- about 6 PB.
Not trivial but much better than brute forcing.  Which is why my minimum
password length is way longer than that!

Recently ran into a bank that had a max length much shorter than my 
personal limit.  They are no longer in business -- I doubt my
complaint had much to do with their merger!

BTW, who remembers a 1000 character password anyway!  I know, use a 
password manager -- but then you have to trust that it is secure.
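
Added example, not part of the original message: a toy version of the pre-computed lookup described above, showing that a table only covers the lengths it was built for. It assumes SHA-256 as the "scramble" and a 26-letter alphabet; the salted case goes beyond the post, and SAMPLE_SALT and all function names are constructed for illustration.

```python
import hashlib
import itertools

# Constructed toy alphabet so the table builds instantly; the post counts
# 95 printable characters per position.
ALPHABET = "abcdefghijklmnopqrstuvwxyz"
# Constructed sample salt (assumption: a real system stores a random one per user).
SAMPLE_SALT = bytes.fromhex("8f1c2a7be4")


def keyspace(alphabet_size, length):
    """Number of distinct strings of exactly `length` characters."""
    return alphabet_size ** length


def scramble(password, salt=b""):
    """Stand-in for the 'scrambled' string: SHA-256 over salt + password."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def build_table(max_len):
    """Precompute scramble -> password for every string up to max_len chars."""
    table = {}
    for n in range(1, max_len + 1):
        for chars in itertools.product(ALPHABET, repeat=n):
            pw = "".join(chars)
            table[scramble(pw)] = pw
    return table


TABLE = build_table(3)  # 26 + 26**2 + 26**3 = 18278 entries


def lookup(stored):
    """Return the password whose unsalted scramble equals `stored`, else None."""
    return TABLE.get(stored)


if __name__ == "__main__":
    print(len(TABLE), "precomputed entries")
    print("short, unsalted  :", lookup(scramble("cat")))               # covered by the table
    print("longer than table:", lookup(scramble("cats")))              # outside the table
    print("short, salted    :", lookup(scramble("cat", SAMPLE_SALT)))  # salt changes the scramble
    print("95**8 =", keyspace(95, 8))
```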

