Chris writes:

> Ummm - Somehow, somewhere, I was always taught that the longer the
> password, the better. So, how can a short password (say 10 bytes) be as
> secure as a 128 byte?

It depends on how the password is encrypted and stored. A short, random password may be more secure than a long, less-random password--especially if the password logic discards all characters beyond a certain point, or doesn't hash the entire password in a way that maximizes the extraction of entropy from the password. For example, on a system that uses only the first eight bytes of a password, you'd want a pretty random string of eight bytes, like "uhhxuapo48", but on a system that accepts 128 bytes and pumps them through a message digest algorithm to maximize the amount of randomness it extracts from the string, you could use something like "tiles cloven thru *STARZ/, and zen pop-tarts conceal," and get something that is both easier to remember _and_ more secure (because it provides more bits of entropy if properly processed).

-- Anthony
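
An added example illustrating the reply above; it is not part of the original message or of any FreeBSD code. It contrasts a hypothetical scheme that reads only the first eight bytes of a password with one that feeds the whole string through a digest-based function (PBKDF2-HMAC-SHA256 is chosen here as an assumption), and computes the upper bound on entropy that eight characters can carry. The salt, iteration count and function names are constructed for the demonstration.

```python
import hashlib
import hmac
import math

SALT = b"constructed-salt"  # constructed sample value
ITERATIONS = 10_000         # kept low so the demo runs quickly; not a recommendation


def truncating_verifier(password: str, salt: bytes = SALT) -> bytes:
    """Hypothetical scheme that uses only the first eight bytes of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode()[:8], salt, ITERATIONS)


def full_verifier(password: str, salt: bytes = SALT) -> bytes:
    """Scheme that pumps every byte of the password through the digest."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def accepts(verifier, stored_for: str, attempt: str) -> bool:
    """True if `attempt` would log in to an account whose password is `stored_for`."""
    return hmac.compare_digest(verifier(stored_for), verifier(attempt))


def max_entropy_bits(length: int, alphabet_size: int) -> float:
    """Upper bound on entropy for a uniformly random string of this length."""
    return length * math.log2(alphabet_size)


# The passphrase quoted in the message, and a different string sharing its first 8 bytes.
PASSPHRASE = "tiles cloven thru *STARZ/, and zen pop-tarts conceal"
SAME_PREFIX = PASSPHRASE[:8] + " anything else at all"

if __name__ == "__main__":
    # Under truncation everything after "tiles cl" is ignored, so both strings match.
    print("truncating scheme accepts look-alike:",
          accepts(truncating_verifier, PASSPHRASE, SAME_PREFIX))
    # With the full string hashed, the extra words count and the look-alike is rejected.
    print("full-digest scheme accepts look-alike:",
          accepts(full_verifier, PASSPHRASE, SAME_PREFIX))
    # Ceiling for eight random characters: lowercase+digits, then printable ASCII.
    print("8 chars, 36 symbols: %.2f bits" % max_entropy_bits(8, 36))
    print("8 chars, 95 symbols: %.2f bits" % max_entropy_bits(8, 95))
```
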
