[dba-Tech] Cross post - Password security

Dan Waters df.waters at comcast.net
Thu Aug 11 16:12:28 CDT 2011


I could easily 1heart.xkcd2, or 'I Love XKCD Too'.

Just an example of slight tweaking to a personal phrase that would increase
the time to crack.

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
Sent: Thursday, August 11, 2011 4:08 PM
To: Discussion of Hardware and Software issues
Subject: Re: [dba-Tech] Cross post - Password security

Your systems guy has missed the point. It is only easily cracked if the
password rules are "must be four English words" and the attacker knows
that fact.

If the rules are "use any mixture of upper and lower case, digits and
special characters" then your private choice to concatenate several words
makes it easier to remember without making it easier to crack.  In that
situation, ManBearPig or manbearpig is just as secure as M*aBbbbP11.  

--
Stuart

On 11 Aug 2011 at 7:06, Jim Lawrence wrote:

> Here is a comment for a very good systems guy on that level and type 
> of password:
> 
> "Yep. I saw that. Unfortunately, it is flawed. Reason being that the 
> average person only has a small vocabulary and therefore this does not 
> increase the entropy as much as suggested. In fact, a four word 
> password could easily be cracked within a few days with current 
> CPU/GPU technology. It's a nice idea though, which does lead to decent 
> password strength if you tweak the idea a bit with something like 
> putting x many underscores in front of the password and something like 
> that. A bit like salting your hash function."
> 
> Jim
> 
> 
> -----Original Message-----
> From: dba-tech-bounces at databaseadvisors.com
> [mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
> Sent: Wednesday, August 10, 2011 2:24 PM
> To: 'Off Topic'; 'Discussion of Hardware and Software issues'
> Subject: Re: [dba-Tech] Cross post - Password security
> 
> Talk about co-incidence.  Today's xkcd: 
> 
> http://xkcd.com/936/
> 
> 
> 
> --
> Stuart
> 
> On 10 Aug 2011 at 20:57, Jon Tydda wrote:
> 
> > Hi all
> > 
> > Someone just posted this on my wall on facebook, and it looks 
> > really interesting, thought I'd share it.
> > 
> > https://www.grc.com/haystack.htm
> > 
> > 
> > Jon
> > _______________________________________________
> > dba-Tech mailing list
> > dba-Tech at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/dba-tech
> > Website: http://www.databaseadvisors.com
> > 



_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com
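
Added example, not part of the original thread: the disagreement above turns on what the attacker is assumed to know, so this Python sketch sizes the search space for the thread's sample passwords under three attacker models. The vocabulary size, the guess rate and the three-word reading of "manbearpig" are assumptions made for this example, and the word-list model ignores capitalisation.

```python
import math
import string

# Assumed parameters (constructed for this example, not taken from the thread).
VOCAB_SIZE = 2048   # words in the attacker's word list
GUESS_RATE = 1e9    # offline guesses per second
POOLS = (string.ascii_lowercase, string.ascii_uppercase,
         string.digits, string.punctuation)
FULL_CHARSET = sum(len(p) for p in POOLS)  # 94 printable ASCII symbols

def used_charset(password):
    """Total size of the character pools that actually appear in the password."""
    return sum(len(p) for p in POOLS if any(c in p for c in password))

def bits_full_bruteforce(password):
    """Attacker knows only the rule 'any mix of upper, lower, digits, specials'."""
    return len(password) * math.log2(FULL_CHARSET)

def bits_reduced_bruteforce(password):
    """Attacker tries the smallest pools first, e.g. lowercase-only strings."""
    return len(password) * math.log2(used_charset(password))

def bits_wordlist(n_words, vocab=VOCAB_SIZE):
    """Attacker knows the password is n_words drawn from a vocab-sized list."""
    return n_words * math.log2(vocab)

def days_to_exhaust(bits, rate=GUESS_RATE):
    """Worst-case days to try the whole search space at `rate` guesses/second."""
    return 2 ** bits / rate / 86400

def compare(password, n_words=None):
    """Search-space size in bits under each attacker model (None = not word-based)."""
    return {
        "full_bruteforce": round(bits_full_bruteforce(password), 1),
        "reduced_bruteforce": round(bits_reduced_bruteforce(password), 1),
        "wordlist": None if n_words is None else round(bits_wordlist(n_words), 1),
    }

if __name__ == "__main__":
    # Passwords quoted in the thread; the word counts are this example's reading.
    for pw, n in (("manbearpig", 3), ("ManBearPig", 3), ("M*aBbbbP11", None)):
        print(pw, compare(pw, n))
    print("four words, days to exhaust:", round(days_to_exhaust(bits_wordlist(4)), 2))
```

Under the full-charset model all three ten-character passwords cost the same to search; the gap only opens once the attacker is assumed to try lowercase strings or a word list first.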




