Rich Freeman on 6 Apr 2017 11:47:31 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Password managers

On Thu, Apr 6, 2017 at 2:23 PM, Steve Litt <> wrote:
> On Wed, 05 Apr 2017 13:06:05 -0400
> <> wrote:
>> This may be a little off-subject
>> I just had a discussion on the topic of passwords on another listserv,
>> and this cartoon makes a valid point that Password Rules on a 10A
>> password are just not as good as a plain 128 character password.
> I'd hardly call "correct horse battery staple" easy to remember.
> Probably not that hard to guess using a dictionary attack either.

The first bit seems somewhat subjective, but the second bit is quite
straightforward to measure, and indeed in the comic itself estimates
it at 44 bits of entropy.

Now, this is probably based on the size of the dictionary and the
assumption that all words in that dictionary are equally likely to be
selected.  If you're using a password generator to generate a single
password and sticking with it that would be completely accurate.  If
you're just guessing your own words or looking at a page of
suggestions and picking the most memorable one, then it seems likely
that the "real" dictionary is smaller.  I suspect somebody is much
more likely to pick "horse" than "brusquely" - to pick something
random from /usr/share/dict/

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --