On 12.01.2012 00:09, Mike Edenfield wrote:
> From: Alan McKinnon [mailto:alan.mckinnon@×××××.com]
> Sent: Wednesday, January 11, 2012 5:48 PM
>
>> On Wed, 11 Jan 2012 17:08:04 -0500 Michael Mol
>> <mikemol@×××××.com> wrote:
>>
>>> I'm seriously unconvinced that concatenating words
>>> significantly increases the difficulty of the problem. Just as
>>> a mentalist will presume you're thinking about '7', your
>>> average demographic would probably draw from a small pool of
>>> source words, even latching on to catchphrases and other memes.
>>> You're likely to see "steamingmonkeypile", "nyanyanyan",
>>> "dontsaycandleja-" and "hasturhasturhast-" used more than once,
>>> for example. I'd give a better list of likely results, but I
>>> don't want to run too far afoul of good taste in public
>>> posting. :)
>>
>> I agree. Longer pass{words,phrases} only increase the difficulty
>> of the problem, but not significantly so.
>
> After I read the aforementioned xkcd comic, my main question was
> how he defined the various bits of entropy for each "thing" done to
> a password. That seemed to be a crucial determining factor in why
> the "common words" password appeared so much harder than the "goofy
> gibberish" one. Some seemed more obvious to me than others.
>
> I'm also curious, using the latest modern password-cracking
> techniques, if his assessment really is accurate. As in, which of
> the following two passwords would take longer to crack:
>
> #purpl3.R$!n#
>
> dovesymbolcarprince
>
> --K
>

Since both passwords are of nearly the same length, the argument from the
comic is not fulfilled: if you used
armageddonholycowencryptionworkshop, you would have a relatively
easy-to-remember, long password.

Password length is far more important than using special characters... [1]

[1] http://www.infoworld.com/d/security-central/password-size-does-matter-531
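Added example, not part of the original thread: a small estimator that scores the three passwords discussed above under two guessing models, per character and per dictionary word, and reports the cheaper one. The word list, the 2048-word dictionary size and all function names are assumptions made for the illustration.

```python
import math
import string

# Constructed stand-in for an attacker's word list (assumption): just the words
# from the thread's examples, plus "work"/"shop" to make one split ambiguous.
WORDS = {"dove", "symbol", "car", "prince", "armageddon", "holy", "cow",
         "encryption", "workshop", "work", "shop"}
DICT_SIZE = 2048  # assumed size of a real list: log2(2048) = 11 bits per word
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)  # ASCII only


def brute_force_bits(pw):
    """Bits if every character were drawn uniformly from the classes in use.
    An upper bound: human patterns (leetspeak, mangled words) fall below it."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in pw))
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


def fewest_words(pw, words=WORDS):
    """Split pw into the fewest dictionary words; None if it cannot be split."""
    best = [None] * (len(pw) + 1)  # best[i] = shortest split of pw[:i]
    best[0] = []
    for end in range(1, len(pw) + 1):
        for start in range(end):
            piece = pw[start:end]
            if best[start] is not None and piece in words:
                cand = best[start] + [piece]
                if best[end] is None or len(cand) < len(best[end]):
                    best[end] = cand
    return best[len(pw)]


def estimate_bits(pw):
    """Score against the cheaper attack: per-character or per-word guessing."""
    bits = brute_force_bits(pw)
    split = fewest_words(pw)
    if split:
        bits = min(bits, len(split) * math.log2(DICT_SIZE))
    return bits


if __name__ == "__main__":
    for pw in ("#purpl3.R$!n#", "dovesymbolcarprince",
               "armageddonholycowencryptionworkshop"):
        print(f"{pw!r}: per-character {brute_force_bits(pw):.1f} bits, "
              f"cheapest model {estimate_bits(pw):.1f} bits, "
              f"split={fewest_words(pw)}")
```

The per-word figure holds only when each word is picked uniformly at random from the list; phrases drawn from a small pool of catchphrases, as raised earlier in the thread, score lower than this estimate.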