| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041017192107.1951.qmail@paddy.troja.mff.cuni.cz> From: peak at argo.troja.mff.cuni.cz (Pavel Kankovsky) Subject: Senior M$ member says stop using passwords completely! On Sat, 16 Oct 2004, Frank Knobbe wrote: > It's a nice recommendation of MS to make (to use long passphrases > instead of passwords). But I don't consider 14 chars a "passphrase". > Perhaps they should enable more/all password components to handle much > longer passwords/phrases. A passphrase consisting of 7 words and 12 bits of entropy per a word is as guessable as a password with 14 characters and 6 bits of entropy per a character. You get 84 bits of total entropy in both cases. The only advantage of passphrases is that lusers might find long random sequences of words easier to remember than long random sequences of characters. (But wait: 12 bits of entropy per a word--this is equivalent to a uniform choice of one word out of 4096. 4 thousand? That might exceed an average luser's vocabulary by an order of magnitude! ;>) --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Powered by blists - more mailing lists