| 1 |
From: Alan McKinnon [mailto:alan.mckinnon@×××××.com] |
| 2 |
Sent: Wednesday, January 11, 2012 5:48 PM |
| 3 |
|
| 4 |
> On Wed, 11 Jan 2012 17:08:04 -0500 |
| 5 |
> Michael Mol <mikemol@×××××.com> wrote: |
| 6 |
> |
| 7 |
> > I'm seriously unconvinced that concatenating words significantly |
| 8 |
> > increases the difficulty of the problem. Just as a mentalist will |
| 9 |
> > presume you're thinking about '7', your average demographic would |
| 10 |
> > probably draw from a small pool of source words, even latching on to |
| 11 |
> > catchphrases and other memes. You're likely to see |
| 12 |
> > "steamingmonkeypile", "nyanyanyan", "dontsaycandleja-" and |
| 13 |
> > "hasturhasturhast-" used more than once, for example. I'd give a |
| 14 |
> > better list of likely results, but I don't want to run too far afoul |
| 15 |
> > of good taste in public posting. :) |
| 16 |
> |
| 17 |
> I agree. Longer pass{words,phrases} only increases the difficulty of the |
| 18 |
> problem, but not significantly so. |
| 19 |
|
| 20 |
After I read the aforementioned xkcd comic, my main question was how he |
| 21 |
defined the various bits of entropy for each "thing" done to a password. |
| 22 |
That seemed to be a crucial determining factor in why the "common words" |
| 23 |
password appeared so much harder than the "goofy gibberish" one. Some seemed |
| 24 |
more obvious to me than others. |
| 25 |
|
| 26 |
I'm also curious, using the latest modern password-cracking techniques, if |
| 27 |
his assessment really is accurate. As in, which of the following two |
| 28 |
passwords would take longer to crack: |
| 29 |
|
| 30 |
#purpl3.R$!n# |
| 31 |
|
| 32 |
dovesymbolcarprince |
| 33 |
|
| 34 |
--K |
Archives