On Mon, 30 Jul 2012, Andrei POPESCU wrote: > On Du, 29 iul 12, 22:27:08, Henrique de Moraes Holschuh wrote: > > On Sun, 29 Jul 2012, Brian wrote: > > > used. But if it can be demonstrated that a twenty character password can > > > be forced in a time-frame which makes sense I'll stop doing it and most > > > > That depends. Are you using any dictionary words or easy character > > permutations thereof to make a pass-phrase? If so, your 20-char password is > > a lot weaker than what one might expect at first glance. > > http://xkcd.com/936/ > > (I wonder how much truth there is behind this comic...)
Don't bother wondering. Read the paper. http://arstechnica.com/business/2012/03/passphrases-only-marginally-more-secure-than-passwords-because-of-poor-choices/ http://www.readwriteweb.com/enterprise/2012/03/passphrases-maybe-not-as-secur.php You need to have gibberish passphrases if you want it to be secure... -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120730101405.gb22...@khazad-dum.debian.net
