
KodiacZiller
Premium
join:2008-09-04
73368
kudos:2
reply to Ian

Re: Good Passwords Made Easy

said by Ian:

said by KodiacZiller:

If the words are chosen perfectly randomly from an English dictionary, then the machine would have to guess from the dictionary randomly. This is the whole idea behind the diceware method.

I'm aware of that. But that wasn't the complexity calculation used by the cartoon author.

Maybe not, but the diceware method is still the best way to create strong passwords that are easy to remember.

For example, let's say that you have a word list of 10,000 English words to choose from. Let's further assume your adversary *knows* that you used this list. Here's the entropy for passwords made with different lengths:

4 words = 53 bits
5 words = 66 bits
6 words = 80 bits
7 words = 93 bits

So you'll need at least 6 words to be sure that the password won't be cracked. 80 bits is plenty strong. The nice thing about this is the adversary can know the wordlist and it doesn't matter as long as your password is long enough and chosen *randomly*.
--
Getting people to stop using Windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999
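The entropy figures in the post above can be reproduced as n × log2(10,000), and the "chosen *randomly*" condition can be made measurable. This is an added example, not part of the original thread: the 10,000-entry word list is a constructed stand-in built from syllables, and the 90%/10% bias model is an assumption chosen only to illustrate non-uniform selection.

```python
import math
import secrets

# Constructed stand-in for a real 10,000-word list:
# 20 consonants x 5 vowels = 100 syllables, two syllables per "word".
_SYLLABLES = [c + v for c in "bcdfghjklmnprstvwxyz" for v in "aeiou"]
WORDLIST = [a + b for a in _SYLLABLES for b in _SYLLABLES]


def entropy_bits(list_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently
    from a list the adversary is assumed to know."""
    return n_words * math.log2(list_size)


def generate(wordlist, n_words):
    """Draw words with the OS CSPRNG; the entropy estimate only holds
    for uniform selection, which secrets.choice provides."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def bits_per_word(weights):
    """Shannon entropy of a single word choice under the given
    (possibly non-uniform) selection weights."""
    total = sum(weights)
    return -sum(w / total * math.log2(w / total) for w in weights if w > 0)


# Assumed bias model (constructed): a person "picking" words lands in the
# 1,000 most familiar entries 90% of the time, and elsewhere 10% of the time.
SKEWED = [0.9 / 1000] * 1000 + [0.1 / 9000] * 9000

if __name__ == "__main__":
    for n in (4, 5, 6, 7):
        print(f"{n} words = {entropy_bits(len(WORDLIST), n):.0f} bits")
    print("sample:", generate(WORDLIST, 6))
    uniform = bits_per_word([1] * len(WORDLIST))
    skewed = bits_per_word(SKEWED)
    print(f"uniform: {uniform:.2f} bits/word, 6 words = {6 * uniform:.0f}")
    print(f"skewed:  {skewed:.2f} bits/word, 6 words = {6 * skewed:.0f}")
```

Under the assumed bias, six hand-picked words fall to roughly the strength of five randomly drawn ones, even though the list is the same.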


sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

Now if only we could get all websites to accept the long passwords required for such an approach.



Ian
Premium
join:2002-06-18
ON
kudos:3

said by sivran:

Now if only we could get all websites to accept the long passwords required for such an approach.

Well, that and the fact that typing in a 6 word password is a little on the cumbersome side.
--
“Any claim that the root of a problem is simple should be treated the same as a claim that the root of a problem is Bigfoot. Simplicity and Bigfoot are found in the real world with about the same frequency.” – David Wong


Kilroy
Premium,MVM
join:2002-11-21
Saint Paul, MN
reply to sivran

said by sivran:

Now if only we could get all websites to accept the long passwords required for such an approach.

Amen. There should be no limit on length, other than maybe less than 256. It ticks me off that I can only have a 12 character password on my 401k, as I've moved up to 15 character passwords.
--
“Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something.” – Robert A. Heinlein