
Re: Password Difficulties



[email protected] writes:
>I make a point of using at least one non-dictionary word in every
>passphrase I make.

Something pronounceable?  Something that follows rules of some natural
language, something short that could have been a word?

Good, but not the whole cigar.  Last I used VMS you could get it to
suggest non-word word-a-likes to use as your password.  Seems terribly
brute-forceable in 1994.

Adding a non-word to a pass phrase is like increasing the size of the
dictionary, and if you only do one non-word then only *that* word
picks up more bits of entropy in the phrase.  Yes, there are bits in
where you put the word, but the whole phrase did not become made of
deep bits.

But my point is really that even these often-less-good-than-they-look
measures are far better than what *real* people are going to do.


-kb, the Kent who wonders whether real people will ever have decent security


--
Kent Borg                                                  +1 (617) 776-6899
[email protected]                                
[email protected]                                      
          Proud to claim 31:15 hours of TV viewing so far in 1994!
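
The counting argument in the message above, as an added example that is not part of the original post: it computes passphrase entropy when some words are swapped for non-words, and checks the formula by enumerating a toy search space. The dictionary size (2^15), non-word space (2^25), 5-word phrase length, and the assumption that the attacker knows the scheme are all constructed for illustration.

```python
import math
from itertools import combinations, product

def phrase_bits(n_words, dict_size, nonword_space, n_nonwords=0):
    """Bits of entropy for a phrase of n_words, of which n_nonwords are drawn
    from a larger non-word space, against an attacker who knows the scheme."""
    placements = math.comb(n_words, n_nonwords)   # "bits in where you put the word"
    return (math.log2(placements)
            + (n_words - n_nonwords) * math.log2(dict_size)
            + n_nonwords * math.log2(nonword_space))

def enumerate_phrases(dictionary, nonwords, n_words, n_nonwords):
    """Exhaustively list every phrase the scheme can produce (toy sizes only).
    Assumes dictionary and nonwords are disjoint, so no phrase is counted twice."""
    phrases = set()
    for slots in combinations(range(n_words), n_nonwords):
        pools = [nonwords if i in slots else dictionary for i in range(n_words)]
        phrases.update(product(*pools))
    return phrases

def compare(n_words=5, dict_size=2**15, nonword_space=2**25):
    """Constructed sizes: 32768-word dictionary, 2^25 pronounceable non-words."""
    return {
        "all dictionary words": phrase_bits(n_words, dict_size, nonword_space, 0),
        "one non-word":         phrase_bits(n_words, dict_size, nonword_space, 1),
        "all non-words":        phrase_bits(n_words, dict_size, nonword_space, n_words),
    }

if __name__ == "__main__":
    # Sanity check of the formula on a toy space: 3 words, 5 non-words, 3 slots.
    toy = enumerate_phrases(["a", "b", "c"], ["v", "w", "x", "y", "z"], 3, 1)
    assert math.isclose(math.log2(len(toy)), phrase_bits(3, 3, 5, 1))
    for label, bits in compare().items():
        print(f"{label:22s} {bits:6.2f} bits")
```

With these numbers one non-word adds about 12.3 bits (10 from the larger pool for that single word, about 2.3 from its position), while the other four words stay at 15 bits each.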