Full Disclosure
mailing list archives
Re: Senior M$ member says stop using passwords completely!
From: "Pavel Kankovsky" <peak () argo troja mff cuni cz>
Date: Sun, 17 Oct 2004 21:21:07 +0200 (CEST)
On Sat, 16 Oct 2004, Frank Knobbe wrote:
> It's a nice recommendation of MS to make (to use long passphrases
> instead of passwords). But I don't consider 14 chars a "passphrase".
> Perhaps they should enable more/all password components to handle much
> longer passwords/phrases.
A passphrase consisting of 7 words and 12 bits of entropy per word is
as guessable as a password with 14 characters and 6 bits of entropy per
character. You get 84 bits of total entropy in both cases.
The only advantage of passphrases is that lusers might find long random
sequences of words easier to remember than long random sequences of
characters.
(But wait: 12 bits of entropy per word--this is equivalent to a uniform
choice of one word out of 4096. 4 thousand? That might exceed an average
luser's vocabulary by an order of magnitude! ;>)
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html