[clug] [OT] all text passwords == secure?

Kim Holburn Kim.Holburn at gmail.com
Mon Aug 27 20:34:31 MDT 2012


On 2012/Aug/28, at 8:59 AM, Scott Ferguson wrote:

> A dictionary attack is too easy - and it's the first attack tried. Add
> just one non-alpha character to that multi-word string and only brute
> force will guess it - then you have a much harder password to break.
> Much, much harder.

No, you don't.  If you look at this link:
https://secure.wikimedia.org/wikipedia/en/wiki/Password_strength

There's a table that shows that adding more character sets - say alphanumeric or even printable ASCII - gives you no more information entropy than adding two or three extra letters in a plain alpha password of around 8 letters.  The formula for information entropy shows this clearly.

In fact, read almost any of those links I sent before and they show the same thing.  Password length triumphs easily and quickly over adding character classes.  Despite your feeling that it does a lot, and many people have this feeling, it doesn't get you much at all.

Kim

-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 
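
The entropy formula referred to in the message above, H = L * log2(N) for a password of L symbols each picked uniformly at random from a set of N, worked through as an added example that is not part of the original message. For an 8-character password it reports how many lowercase letters give at least the same search space as each larger symbol set; the set sizes, labels and function names are assumptions of this example.

```python
import math

# Symbol-set sizes assumed for this example (standard counts for each class).
SYMBOL_SETS = {
    "lowercase letters (a-z)": 26,
    "case-insensitive alphanumeric": 36,
    "mixed-case letters": 52,
    "mixed-case alphanumeric": 62,
    "printable ASCII incl. space": 95,
}


def entropy_bits(length, symbols):
    """H = L * log2(N); valid only when every symbol is chosen uniformly at random."""
    return length * math.log2(symbols)


def equivalent_length(length, symbols, base_symbols=26):
    """Shortest password over the base set whose search space is at least
    symbols**length. Integer arithmetic avoids floating-point rounding."""
    target = symbols ** length
    m = 0
    while base_symbols ** m < target:
        m += 1
    return m


def compare(length=8, base_symbols=26):
    """Rows of (set name, entropy in bits, extra base-set letters needed to match)."""
    rows = []
    for name, n in SYMBOL_SETS.items():
        extra = equivalent_length(length, n, base_symbols) - length
        rows.append((name, round(entropy_bits(length, n), 1), extra))
    return rows


if __name__ == "__main__":
    print(f"{'symbol set':32} {'bits @ 8':>9} {'extra a-z letters':>18}")
    for name, bits, extra in compare():
        print(f"{name:32} {bits:>9} {extra:>18}")
```

The figures describe randomly generated passwords only; a password built from dictionary words or predictable substitutions has less entropy than the formula gives for its length and symbol set.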




