From: Alan McKinnon [mailto:alan.mckinnon@×××××.com]
Sent: Wednesday, January 11, 2012 5:48 PM

> On Wed, 11 Jan 2012 17:08:04 -0500
> Michael Mol <mikemol@×××××.com> wrote:
>
> > I'm seriously unconvinced that concatenating words significantly
> > increases the difficulty of the problem. Just as a mentalist will
> > presume you're thinking about '7', your average demographic would
> > probably draw from a small pool of source words, even latching on to
> > catchphrases and other memes. You're likely to see
> > "steamingmonkeypile", "nyanyanyan", "dontsaycandleja-" and
> > "hasturhasturhast-" used more than once, for example. I'd give a
> > better list of likely results, but I don't want to run too far afoul
> > of good taste in public posting. :)
>
> I agree. Longer pass{words,phrases} only increases the difficulty of the
> problem, but not significantly so.

After I read the aforementioned xkcd comic, my main question was how he
defined the various bits of entropy for each "thing" done to a password.
That seemed to be a crucial determining factor in why the "common words"
password appeared so much harder than the "goofy gibberish" one. Some seemed
more obvious to me than others.

I'm also curious, using the latest modern password-cracking techniques, if
his assessment really is accurate. As in, which of the following two
passwords would take longer to crack:

#purpl3.R$!n#

dovesymbolcarprince

--K
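
Added example, not part of the original message or thread: a small estimator showing that the "bits of entropy" for the two passwords above depend on which attacker model is assumed (no structure known, scheme known, or recipe known). The 2048-word list, the 10000-entry catchphrase list and every count in GIBBERISH_RECIPE are assumptions constructed for illustration, not measured values.

```python
import math
import string

def bruteforce_bits(password):
    """Bits of search space when the attacker assumes no structure: every
    string of this length over the character classes the password uses."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in password))
    return len(password) * math.log2(pool) if pool else 0.0

def passphrase_bits(n_words, wordlist_size):
    """Bits when the attacker knows the scheme: n_words drawn uniformly at
    random from a list of wordlist_size entries."""
    return n_words * math.log2(wordlist_size)

def recipe_bits(option_counts):
    """Bits when the attacker knows the recipe used to build the password:
    one log2(options) term per independent choice."""
    return sum(math.log2(n) for n in option_counts)

def average_crack_seconds(bits, guesses_per_second):
    """Expected time to find the password: half the search space."""
    return 2 ** bits / 2 / guesses_per_second

# Assumed recipe for "#purpl3.R$!n#" (constructed counts, not measured):
GIBBERISH_RECIPE = [
    65536,  # base phrase picked from an assumed list of 2**16 phrases
    8,      # three letters each either substituted or not (e/3, a/$, i/!)
    2,      # second word capitalised or not
    33,     # separator: one of 32 punctuation marks, or none
    33,     # wrapping symbol: one of 32 punctuation marks, or none
]

def report():
    """Bits for each password under each attacker model."""
    return {
        "gibberish, no structure assumed": bruteforce_bits("#purpl3.R$!n#"),
        "gibberish, recipe known": recipe_bits(GIBBERISH_RECIPE),
        "four words, no structure assumed": bruteforce_bits("dovesymbolcarprince"),
        "four words, random from 2048-word list": passphrase_bits(4, 2048),
        "one catchphrase from 10000 known memes": passphrase_bits(1, 10000),
    }

if __name__ == "__main__":
    for model, bits in report().items():
        secs = average_crack_seconds(bits, 1e9)  # assumed 1e9 guesses/second
        print(f"{model:42s} {bits:6.1f} bits  ~{secs:.3g} s on average")
```

The word-list figure only holds if the words really are drawn at random; a phrase chosen from a small pool of catchphrases, as described in the quoted reply, falls to the last row instead.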