From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
Sent: Sunday, October 17, 2004 2:21 PM
To: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Senior M$ member says stop
using passwords completely!

On Sat, 16 Oct 2004, Frank Knobbe wrote:
> It's a nice recommendation of MS to make (to use long passphrases
> instead of passwords). But I don't consider 14 chars a "passphrase".
> Perhaps they should enable more/all password components to

A passphrase consisting of 7 words and 12 bits of entropy per
word is as guessable as a password with 14 characters and 6
bits of entropy per character. You get 84 bits of total
entropy in both cases.
The only advantage of passphrases is that lusers might find
long random sequences of words easier to remember than long
random sequences of characters.
(But wait: 12 bits of entropy per word--this is equivalent
to a uniform choice of one word out of 4096. 4 thousand? That
might exceed an average luser's vocabulary by an order of
--Pavel Kankovsky aka Peak [ Boycott
Microsoft--http://www.vcnet.com/bms ] "Resistance is futile.
Open your source code and prepare for assimilation."
Full-Disclosure - We believe in it.