How long does it take to attack a passphrase?
We can assume that a 1 million key per second key cracker is possible. A Pentium executes about 1 instruction per clock cycle with pipelining [3]. Using a 200Mhz Pentium and minimal instructions shows us that a small program will run 1 million times per second. The Cyrix 6×86 is faster for an identical clock speed and RISC chips are even faster. This means that without stretching current technology much, we can program a desk top computer and try 1E6 * 60 * 60 * 24 * 365.25 = 3.15576E13 keys per year. A key of random words must be log(3.16E13) / log(74,000) = 2.77 or 3 words to last longer than an average of 6 months. The random 3 word key has all keys searched in about 1 year. In the end, what we are really trying to do is stop a dumb computer attack. The smarter the computer gets, the slower the computer gets. We can always build custom hardware and just use the computer as a monitor or controller. 2.7.1 Something anyone can do In an experiment on a 486DX2-66 w/128k cache, a RAM driv
