On 12.01.2012 00:09, Mike Edenfield wrote:
> From: Alan McKinnon [mailto:alan.mckin...@gmail.com]
> Sent: Wednesday, January 11, 2012 5:48 PM
>
>> On Wed, 11 Jan 2012 17:08:04 -0500
>> Michael Mol <mike...@gmail.com> wrote:
>>
>>> I'm seriously unconvinced that concatenating words
>>> significantly increases the difficulty of the problem. Just as
>>> a mentalist will presume you're thinking about '7', your
>>> average demographic would probably draw from a small pool of
>>> source words, even latching on to catchphrases and other memes.
>>> You're likely to see "steamingmonkeypile", "nyanyanyan",
>>> "dontsaycandleja-" and "hasturhasturhast-" used more than once,
>>> for example. I'd give a better list of likely results, but I
>>> don't want to run too far afoul of good taste in public
>>> posting. :)
>>
>> I agree. Longer pass{words,phrases} only increases the difficulty
>> of the problem, but not significantly so.
>
> After I read the aforementioned xkcd comic, my main question was
> how he defined the various bits of entropy for each "thing" done to
> a password. That seemed to be a crucial determining factor in why
> the "common words" password appeared so much harder than the "goofy
> gibberish" one. Some seemed more obvious to me than others.
>
> I'm also curious, using the latest modern password-cracking
> techniques, if his assessment really is accurate. As in, which of
> the following two passwords would take longer to crack:
>
> #purpl3.R$!n#
>
> dovesymbolcarprince
>
> --K
>
Since both passwords are of nearly the same length, the argument from the
comic is not fulfilled: if you used
armageddonholycowencryptionworkshop
you would have a relatively easy-to-remember, long password. Password
length is far more important than using special characters... [1]

[1] http://www.infoworld.com/d/security-central/password-size-does-matter-531
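An added example, not part of the original messages: a small strength estimator that scores the passwords from this thread under two guessing models, plain brute force over the character set and concatenation of dictionary words, and reports the cheaper one. It goes beyond the two passwords asked about by taking the word pool size as a parameter. The word list, the pool size of 2048 and all function names are assumptions made for this illustration.

```python
import math

# Constructed sample word list standing in for a guesser's dictionary.
WORDS = {"dove", "symbol", "car", "carp", "prince", "armageddon", "holy",
         "cow", "encryption", "work", "shop", "workshop"}
POOL = 2048  # assumed number of words the user picks from (not from the thread)

def charset_size(pw):
    """Size of the alphabet a plain brute-force search would have to cover."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33  # ASCII punctuation + space
    return size

def brute_force_bits(pw):
    """log2 of the brute-force search space; a true entropy figure only if
    every character was chosen uniformly at random, otherwise an upper bound."""
    return len(pw) * math.log2(charset_size(pw)) if pw else 0.0

def min_words(pw):
    """Fewest WORDS entries that concatenate to pw (dynamic programming)."""
    best = [0] + [math.inf] * len(pw)
    for end in range(1, len(pw) + 1):
        for start in range(end):
            if pw[start:end] in WORDS:
                best[end] = min(best[end], best[start] + 1)
    return None if best[-1] == math.inf else best[-1]

def dictionary_bits(pw, pool=POOL):
    """log2 of the search space when the guesser concatenates pool words."""
    k = min_words(pw.lower())
    return None if k is None else k * math.log2(pool)

def estimate_bits(pw, pool=POOL):
    """Strength under the cheaper of the two guessing models."""
    d = dictionary_bits(pw, pool)
    return brute_force_bits(pw) if d is None else min(brute_force_bits(pw), d)

if __name__ == "__main__":
    for pw in ("#purpl3.R$!n#", "dovesymbolcarprince",
               "armageddonholycowencryptionworkshop"):
        print(f"{pw!r}: len={len(pw)} brute={brute_force_bits(pw):.1f} "
              f"estimate={estimate_bits(pw):.1f}")
    # Same phrase when the words come from a pool of only 64 popular words
    print(f"pool=64: {estimate_bits('dovesymbolcarprince', pool=64):.1f}")
```

The estimator does not model character substitutions or appended symbols, so its figure for the first password is an upper bound rather than a measured strength.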