Rich Freeman on 6 Apr 2017 11:47:31 -0700
Re: [PLUG] Password managers
On Thu, Apr 6, 2017 at 2:23 PM, Steve Litt <slitt@troubleshooters.com> wrote:
> On Wed, 05 Apr 2017 13:06:05 -0400
> <jvoris@axs2000.net> wrote:
>
>> This may be a little off-subject
>>
>> I just had a discussion on the topic of passwords on another listserv,
>> and this cartoon makes a valid point that Password Rules on a 10A
>> password are just not as good as a plain 128 character password.
>>
>> https://xkcd.com/936/
>
> I'd hardly call "correct horse battery staple" easy to remember.
> Probably not that hard to guess using a dictionary attack either.
>

The first bit seems somewhat subjective, but the second bit is quite
straightforward to measure, and indeed the comic itself estimates it
at 44 bits of entropy.

Now, this is probably based on the size of the dictionary and the
assumption that all words in that dictionary are equally likely to be
selected. If you're using a password generator to generate a single
password and sticking with it that would be completely accurate.

If you're just guessing your own words or looking at a page of
suggestions and picking the most memorable one, then it seems likely
that the "real" dictionary is smaller. I suspect somebody is much
more likely to pick "horse" than "brusquely" - to pick something
random from /usr/share/dict/

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
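
The entropy reasoning in the message above, as an added example that is not part of the original post: it compares uniform selection (assuming four words from a 2048-word list, which yields the 44 bits cited) with a constructed model of a person favouring memorable words. The 128-favourite, 90% split, the sample word list and all function names are illustrative assumptions.

```python
import math
import secrets

def uniform_bits(dict_size, n_words):
    """Bits of entropy when every word is drawn uniformly and independently."""
    return n_words * math.log2(dict_size)

def skewed_word_probs(dict_size, favourites, favourite_mass):
    """Constructed model of hand-picking: `favourite_mass` of the probability
    falls on `favourites` memorable words, the rest is spread evenly."""
    p_fav = favourite_mass / favourites
    p_rest = (1.0 - favourite_mass) / (dict_size - favourites)
    return [p_fav] * favourites + [p_rest] * (dict_size - favourites)

def shannon_bits(probs):
    """Average-case entropy of one word drawn from `probs`."""
    return -sum(p * math.log2(p) for p in probs if p > 0)

def min_entropy_bits(probs):
    """Worst-case entropy: what an attacker guessing likeliest-first faces."""
    return -math.log2(max(probs))

def generate(wordlist, n_words=4):
    """Uniform selection with a CSPRNG, the case the uniform figure assumes."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))

# Constructed sample list; a real generator would load a full dictionary.
SAMPLE_WORDS = ["correct", "horse", "battery", "staple",
                "brusquely", "lantern", "orbit", "meadow"]

if __name__ == "__main__":
    n = 4
    probs = skewed_word_probs(2048, favourites=128, favourite_mass=0.9)
    print(f"uniform, 2048 words x {n}: {uniform_bits(2048, n):.1f} bits")
    print(f"hand-picked (Shannon):    {n * shannon_bits(probs):.1f} bits")
    print(f"hand-picked (min-entropy): {n * min_entropy_bits(probs):.1f} bits")
    print(f"sample from 8-word list:  {generate(SAMPLE_WORDS)!r} "
          f"({uniform_bits(len(SAMPLE_WORDS), n):.0f} bits)")
```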