funsec mailing list archives
Re: While we're all trying to fix politics, economics, etc.
From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 5 Feb 2013 14:09:19 -0500
On Tue, Feb 5, 2013 at 12:49 PM, Rich Kulawiec <rsk () gsp org> wrote:
I have a question. Please to consider the following candidate password: S.3-t=2ga+Zilg59CEkp4 I'm curious as to how y'all would classify that on a scale of weak-to-strong.
It looks strong by contemporary standards - its a mix of upper/lower/symbols, and has non-trivial length (21 is greater than the often recommended 8, 10, 12 or 16). But there's only limited entropy in the password, so be careful of its use. Strong passwords often indicate "we should be using Public Key Cryptography". Finally, as others have said, you also need the context. Will it be digested? Will it be persisted in a passed-like file? Perhaps both (digested and persisted) via an HMAC an HSM? Will it directly key a cipher (never persisted)?
Yes, I have a reason for asking, but I'd like to withhold that for the moment in order to gather opinions based on the merits.
Do you want some independent research/citations?
(And fixing politics, economics, etc.? Simple. When I am Supreme Emperor and Lord of the...what?! Oh man...y'all are no fun at all. Fine. *Fine*. You ingrates will have to do it the hard way.)
I would be a benevolent dictator too. Corporate America might beg to differ.... Jeff _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- While we're all trying to fix politics, economics, etc. Rich Kulawiec (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Valdis . Kletnieks (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Charlie Derr (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Jeffrey Walton (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Les Bell (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Valdis . Kletnieks (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Charlie Derr (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Paul Ferguson (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Blanchard, Michael (InfoSec) (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Jeffrey Walton (Feb 05)
- Re: While we're all trying to fix politics, economics, etc. Rich Kulawiec (Feb 06)
- Re: While we're all trying to fix politics, economics, etc. Blanchard, Michael (InfoSec) (Feb 06)
- Re: While we're all trying to fix politics, economics, etc. Valdis . Kletnieks (Feb 05)