[dba-Tech] Cross post - Password security

John Bartow john at winhaven.net
Thu Aug 11 09:50:12 CDT 2011 

Hi Jim,
Given that, what would he recommend for password discipline?

I've personally gone to 16 characters or more auto generated, random
passwords using all characters allowed by a site. I honestly don't know too
many passwords anymore. Pretty much just the one to open my password
manager.

-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Jim Lawrence
Sent: Thursday, August 11, 2011 9:06 AM
To: 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Cross post - Password security

Here is a comment for a very good systems guy on that level and type of
password:

"Yep. I saw that. Unfortunately, it is flawed. Reason being that the average
person only has a small vocabulary and therefore this does not increase the
entropy as much as suggested. In fact, a four word password could easily be
cracked within a few days with current CPU/GPU technology. It's a nice idea
though, which does lead to decent password strength if you tweak the idea a
bit with something like putting x many underscores in front of the password
and something like that. A bit like salting your hash function."

Jim


-----Original Message-----
From: dba-tech-bounces at databaseadvisors.com
[mailto:dba-tech-bounces at databaseadvisors.com] On Behalf Of Stuart McLachlan
Sent: Wednesday, August 10, 2011 2:24 PM
To: 'Off Topic'; 'Discussion of Hardware and Software issues'
Subject: Re: [dba-Tech] Cross post - Password security

Talk about co-incidence.  Today's xkcd: 

http://xkcd.com/936/



--
Stuart

On 10 Aug 2011 at 20:57, Jon Tydda wrote:

> Hi all
> 
> Someon'e just posted this on my wall on facebook, and it looks really 
> interesting, thought I'd share it.
> 
> https://www.grc.com/haystack.htm
> 
> 
> Jon
> _______________________________________________
> dba-Tech mailing list
> dba-Tech at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-tech
> Website: http://www.databaseadvisors.com
> 



_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com

_______________________________________________
dba-Tech mailing list
dba-Tech at databaseadvisors.com
http://databaseadvisors.com/mailman/listinfo/dba-tech
Website: http://www.databaseadvisors.com

More information about the dba-Tech mailing list