| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 12.01.2012 00:09, Mike Edenfield wrote: |
| 5 |
> From: Alan McKinnon [mailto:alan.mckinnon@×××××.com] Sent: |
| 6 |
> Wednesday, January 11, 2012 5:48 PM |
| 7 |
> |
| 8 |
>> On Wed, 11 Jan 2012 17:08:04 -0500 Michael Mol |
| 9 |
>> <mikemol@×××××.com> wrote: |
| 10 |
>> |
| 11 |
>>> I'm seriously unconvinced that concatenating words |
| 12 |
>>> significantly increases the difficulty of the problem. Just as |
| 13 |
>>> a mentalist will presume you're thinking about '7', your |
| 14 |
>>> average demographic would probably draw from a small pool of |
| 15 |
>>> source words, even latching on to catchphrases and other memes. |
| 16 |
>>> You're likely to see "steamingmonkeypile", "nyanyanyan", |
| 17 |
>>> "dontsaycandleja-" and "hasturhasturhast-" used more than once, |
| 18 |
>>> for example. I'd give a better list of likely results, but I |
| 19 |
>>> don't want to run too far afoul of good taste in public |
| 20 |
>>> posting. :) |
| 21 |
>> |
| 22 |
>> I agree. Longer pass{words,phrases} only increases the difficulty |
| 23 |
>> of the problem, but not significantly so. |
| 24 |
> |
| 25 |
> After I read the aforementioned xkcd comic, my main question was |
| 26 |
> how he defined the various bits of entropy for each "thing" done to |
| 27 |
> a password. That seemed to be a crucial determining factor in why |
| 28 |
> the "common words" password appeared so much harder than the "goofy |
| 29 |
> gibberish" one. Some seemed more obvious to me than others. |
| 30 |
> |
| 31 |
> I'm also curious, using the latest modern password-cracking |
| 32 |
> techniques, if his assessment really is accurate. As in, which of |
| 33 |
> the following two passwords would take longer to crack: |
| 34 |
> |
| 35 |
> #purpl3.R$!n# |
| 36 |
> |
| 37 |
> dovesymbolcarprince |
| 38 |
> |
| 39 |
> --K |
| 40 |
> |
| 41 |
> |
| 42 |
|
| 43 |
Since both passwords are of nearly same length, the argument from the |
| 44 |
comic is not fulfilled: if you would use |
| 45 |
armageddonholycowencryptionworkshop you would have a relatively easy |
| 46 |
to remember, long password. |
| 47 |
|
| 48 |
Password length is far more important than using special characters... [1] |
| 49 |
|
| 50 |
|
| 51 |
[1] |
| 52 |
http://www.infoworld.com/d/security-central/password-size-does-matter-531 |
| 53 |
-----BEGIN PGP SIGNATURE----- |
| 54 |
Version: GnuPG v2.0.18 (GNU/Linux) |
| 55 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 56 |
|
| 57 |
iQEcBAEBAgAGBQJPDh7sAAoJEJwwOFaNFkYcV8MIAK9VekY88JElF9n9dEOSFOq1 |
| 58 |
g/RajBSrAaVbR/WV84DQ8xGGOLSIFMUFRWXTRcVEufCw0fXu6OBvKIsXhgZbWK1v |
| 59 |
DEYsQInIk73YGIeyCImd95nXZbswD7cbpGA7g9h/0u2d8+tbvqSIP/fNAKAUU0Yi |
| 60 |
uj3YiBz3ZXF+PZhvN5H0ZbKo1h7FOspzrd8UeSAzCBYJJeFEnpihWsfDiYdMYZrz |
| 61 |
AnAN6tk/llWfYsJkVaVpsjwHjzsDCCgUhmqL30kV2l24ngg5WeEXDcuuEoFdQGIK |
| 62 |
eV6CP6NSxSIPfQ4qEi2FTKzPLhHR6YhT/EVfYwis/OyYMSXatW+s7oNaqdjGAbg= |
| 63 |
=aKCH |
| 64 |
-----END PGP SIGNATURE----- |
Archives