heh. I guess that is why mine are so hard to guess. at 8*26 bits just for lowercase and an additional 8*26 for uppercase, 10*8 for the numbers and 15*8 for the various other marks on the 105 key kb and mine being at 20 characters long... thats a lot of time just for a password to crack. so, my password is 160 bits in length and has it having 608 differing bit combinations... per position, somewhere over the next 1,000 years would it be cracked.
the above is just guestimation.
-eric
On Nov 23, 2011, at 4:36 PM, Matt Graham wrote:
> From: Technomage Hawke
>> was that a comic page? I tried to find more than the apology there
>> for the arguments about password security but I was confronted
>> with the bane of every blind person: images that aren't
>> descriptive.
>
> Take a reasonably common password, like "troubaD0r&3". There are about 28
> bits of entropy in that password; 11 for a reasonably random dictionary word,
> a few extra for replacing chars with numbers, a few extra for having a capital
> letter, and a few more for a random punctuation char and a number. 2^28 bits
> of entropy at 1000 guesses per second = 3 days to crack the password. And
> it's hard to remember. Was it trombone? Or troubador? And which O was a
> zero? And there was some symbol....
>
> Take a different password, like "correct horse battery staple". 4 common
> English words, in a random order. This is 44 bits of entropy. 2^44 bits of
> entropy at 1000 guesses per second = 550 years. So it's hard to guess. Is it
> easy to remember? You've already memorized it!
>
> Through 20 years of effort, we've trained people to use passwords that are
> hard for humans to remember, but comparatively easy for machines to guess.
>
> This is not entirely serious (big surprise in a comic strip!) Some systems
> have a max password length, and the number of bits of entropy in those
> passwords is very open to debate. This didn't stop me from writing
> "correcthorsebatterystaple.php", which picked 20 random words from
> /usr/share/dict/words and spat them to stdout. What do you mean "viridian
> Syria cacomixl devilfish" isn't going to work on older Active Directory
> systems? Also, if you have to type in a password ~50 times a day, it's easier
> if it's short.
>
> --
> Matt G / Dances With Crows
> The Crow202 Blog: http://crow202.org/wordpress/
> There is no Darkness in Eternity/But only Light too dim for us to see
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss