 IanPremium
join:2002-06-18
ON
kudos:1
 ·Rogers Hi-Speed
| reply to KodiacZiller
Re: Good Passwords Made Easy said by KodiacZiller:If the words are chosen perfectly randomly from an English dictionary, then the machine would have to guess from the dictionary randomly. This is the whole idea behind the diceware method.
I'm aware of that. But that wasn't the complexity calculation used by the cartoon author.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong |
|
 AVDRespice, Adspice, ProspicePremium
join:2003-02-06
Onion, NJ
kudos:1 | Rule of Thumb: if you need a NYT article to tell you the rules about passwords, you are already doomed.
--
* seek help if having trouble coping
--Standard disclaimers apply.-- |
|
| reply to Ian
said by Ian:said by KodiacZiller:If the words are chosen perfectly randomly from an English dictionary, then the machine would have to guess from the dictionary randomly. This is the whole idea behind the diceware method.
I'm aware of that. But that wasn't the complexity calculation used by the cartoon author. Maybe not, but the diceware method is still the best way to create strong passwords that are easy to remember.
For example, let's say that you have a word list of 10,000 English words to choose from. Let's further assume your adversary *knows* that you used this list. Here's the entropy for passwords made with different lengths:
4 words = 53 bits
5 words = 66 bits
6 words = 80 bits
7 words = 93 bits
So you'll need at least 6 words to be sure that the password won't be cracked. 80 bits is plenty strong. The nice thing about this is the adversary can know the wordlist and it doesn't matter as long as your password is long enough and chosen *randomly*.
--
Getting people to stop using windows is more or less the same as trying to get people to stop smoking tobacco products. They dont want to change; they are happy with slowly dying inside. -- munky99999 |
|
 sivranOpera ex-patPremium
join:2003-09-15
Arlington, TX
kudos:1 | Now if only we could get all websites to accept the long passwords required for such an approach. |
|
IanPremium
join:2002-06-18
ON
kudos:1 Reviews:
·Rogers Hi-Speed
| said by sivran:Now if only we could get all websites to accept the long passwords required for such an approach.
Well, that and the fact that typing in a 6 word password is a little on the cumbersome side. 
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong |
|
|
|
 KilroyPremium,MVM
join:2002-11-21
Ann Arbor, MI | reply to sivran
said by sivran:Now if only we could get all websites to accept the long passwords required for such an approach.
Amen. There should be no limit on length, other than maybe less than 256. It ticks me off that I can only have a 12 character password on my 401k, as I've moved up to 15 character passwords.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” ¯ Robert A. Heinlein |
|
