
Ian1
Premium Member
join:2002-06-18
ON

Ian1 to KodiacZiller

Re: Good Passwords Made Easy

said by KodiacZiller:

If the words are chosen perfectly randomly from an English dictionary, then the machine would have to guess from the dictionary randomly. This is the whole idea behind the diceware method.

I'm aware of that. But that wasn't the complexity calculation used by the cartoon author.

AVD
Respice, Adspice, Prospice
Premium Member
join:2003-02-06
Onion, NJ

1 recommendation

Rule of Thumb: if you need a NYT article to tell you the rules about passwords, you are already doomed.

KodiacZiller
Premium Member
join:2008-09-04
73368

KodiacZiller to Ian1

said by Ian1:

said by KodiacZiller:

If the words are chosen perfectly randomly from an English dictionary, then the machine would have to guess from the dictionary randomly. This is the whole idea behind the diceware method.

I'm aware of that. But that wasn't the complexity calculation used by the cartoon author.

Maybe not, but the diceware method is still the best way to create strong passwords that are easy to remember.

For example, let's say that you have a word list of 10,000 English words to choose from. Let's further assume your adversary *knows* that you used this list. Here's the entropy for passwords made with different lengths:

4 words = 53 bits
5 words = 66 bits
6 words = 80 bits
7 words = 93 bits

So you'll need at least 6 words to be sure that the password won't be cracked. 80 bits is plenty strong. The nice thing about this is the adversary can know the wordlist and it doesn't matter as long as your password is long enough and chosen *randomly*.
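
Added example, not part of the post above: a short Python sketch that reproduces the entropy figures for a 10,000-word list and draws a passphrase with the operating system's CSPRNG. The function names and `SAMPLE_WORDLIST` are assumptions made for illustration, and the list is a constructed stand-in for a real list of English words.

```python
import math
import secrets

def entropy_bits(wordlist_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently
    from a list the attacker is assumed to know."""
    return n_words * math.log2(wordlist_size)

def entropy_table(wordlist_size, lengths):
    """Map word count -> entropy rounded to whole bits."""
    return {n: round(entropy_bits(wordlist_size, n)) for n in lengths}

def make_passphrase(wordlist, n_words, sep=" "):
    """Return (passphrase, entropy_bits) using the OS CSPRNG."""
    # Duplicate entries would make some words likelier than others, so the
    # n * log2(size) figure only holds for a de-duplicated list.
    unique = sorted(set(wordlist))
    if len(unique) < 2 or n_words < 1:
        raise ValueError("need at least 2 distinct words and 1 pick")
    # secrets.choice picks uniformly; words may repeat, as with dice rolls.
    # The random module is not suitable here because its output is predictable.
    picks = [secrets.choice(unique) for _ in range(n_words)]
    return sep.join(picks), entropy_bits(len(unique), n_words)

# Constructed stand-in for a 10,000-word list (assumption: a real list of
# English words would be loaded from a file instead).
SAMPLE_WORDLIST = [f"word{i:04d}" for i in range(10_000)]

if __name__ == "__main__":
    for n, bits in entropy_table(len(SAMPLE_WORDLIST), range(4, 8)).items():
        print(f"{n} words = {bits} bits")
    phrase, bits = make_passphrase(SAMPLE_WORDLIST, 6)
    print(f"{phrase}  ({bits:.1f} bits)")
```
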

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

Now if only we could get all websites to accept the long passwords required for such an approach.

Ian1
Premium Member
join:2002-06-18
ON

said by sivran:

Now if only we could get all websites to accept the long passwords required for such an approach.

Well, that and the fact that typing in a 6 word password is a little on the cumbersome side.

Kilroy
MVM
join:2002-11-21
Saint Paul, MN

Kilroy to sivran

said by sivran:

Now if only we could get all websites to accept the long passwords required for such an approach.

Amen. There should be no limit on length, other than maybe less than 256. It ticks me off that I can only have a 12 character password on my 401k, as I've moved up to 15 character passwords.