Home page logo

basics logo Security Basics mailing list archives

RE: Suggested "safe" password length
From: "Chris Berry" <compjma () hotmail com>
Date: Fri, 14 Nov 2003 14:25:48 -0800

From: Ashish Sharma [mailto:ashishs () iitg ernet in]
I wanted to have an idea about what should be the suggested range of
password lengths and if there is any upper bound.
I was told that there is a range upto which your password is
encrypted and beyond which the characters are futile. I work on a linux
environment with md5 encryption of passwords enabled.

From: "Michael LaSalvia" <mike () genxweb net>
Many people say 8 or more but I have read some where that multiples
of 7 are the best to use. It may have been in a class or something I
heard that.

If you were using the old DES encrypted ones exactly eight characters is best, for md5 anything reasonably complex should be fine. You want passwords to be as memorable as possible, their complexity should be in direct relation to how long people are allowed to keep them.

Chris Berry
compjma () hotmail com
Systems Administrator
JM Associates

"Ok, so the servers are down, the lights are out, and all I have to work with is a roll of duct tape, a ball point pen, a lighter, and a twenty year old copy of emacs. Where's the problem?"

Is your computer infected with a virus? Find out with a FREE computer virus scan from McAfee. Take the FreeScan now! http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

The Presidio integrates PGP data encryption and XML Web Services security to simplify the management and deployment of PGP and reduce overall PGP costs by up to 80%. FREE WHITEPAPER & 30 Day Trial - http://www.securityfocus.com/sponsor/ForumSystems_security-basics_031027 ----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]