how long should a password be?

Wolf Canis wolf.canis at googlemail.com
Mon May 5 15:02:39 CEST 2008


Bill Royds wrote:
>
> On 5-May-08, at 03:55 , Wolf Canis wrote:
>
>> There are infinite possibilities. That's the trick. It is not the length
>> of a password that is decisive but the quality. The quality of your
>> password decides how much effort is necessary to hack it.
>
> Unfortunately that is not true. Since most systems use a single byte
> for each character in a passphrase, there are only 2^(8*n) bits in an n
> character passphrase.
> So there are only 64 bits in an 8 character password, which can be
> cracked quite quickly using rainbow tables for any password.
That's right, but I think there is a misunderstanding. The quote to which
you refer refers not to the bit depiction but to the possibilities to
create _and_ remember passwords, and if one wants a 50 character long
password, with the method which I described as an example, it's possible.
If you can remember fairy tales well, for example, then I would suggest
that you use this ability. What I am trying to say is that every user has
to develop his/her own individual method.
>
> The real problem is allowing multiple attempts to crack the passphrase
> and this only occurs if your secret keyring is available to the cracker.
>
> Basically, any password you can remember is easy to crack, so don't
> let the keyring ever be in a position for someone to try.
That's absolutely true and I assumed that the secret keyring is _not_
available to the cracker.
If a cracker has the opportunity to conduct multiple, perhaps
unlimited, attempts, then nothing is secure.


Hopefully I could clarify this.

W. Canis

