Security Basics mailing list archives
RE: Length vs Complexity
From: Pankaj <pankaj.with.wings () gmail com>
Date: Thu, 16 Sep 2010 23:22:37 +0530
Hmm, Mike. Using complete English words only separated by dots wouldn't be a good idea because it can be broken through a brute-force attack using an English dictionary. Of course, having three English words separated by dots is better than having only two simply because it increases the number of permutations to be tried. However, if we compare it with the other password, we can immediately get a feeling of more security since the attacker can't get candidates from an English dictionary. In addition, having the symbols along with letters and numbers just breaks the logical continuity and thus makes it harder for the attacker to guess it. So, in a nutshell, the first password is weaker due to its being intelligible to a machine , given a dictionary. Being longer, it increases the permutations but the gain doesn't offset the risk due to the presence of guess-able words. Do you agree? -----Original Message----- From: Mike Razzell <m.razzell () gmail com> Sent: 16 September 2010 22:31 To: security-basics () securityfocus com Subject: Length vs Complexity Users hear constantly that they should add complexity to their passwords, but from the math of it doesn't length beat complexity (assuming they don't just choose a long word)? This is not to suggest they should not use special characters, but simply that something like Security.Basics.List would provide better security than D*3ft!7z. Is that correct? Thanks, -Mike -- Sent from my mobile device ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Re: Length vs Complexity, (continued)
- Re: Length vs Complexity Ansgar Wiechers (Sep 16)
- RE: Length vs Complexity David Gillett (Sep 16)
- Re: Length vs Complexity p8x (Sep 16)
- Re: Length vs Complexity Jeffrey Walton (Sep 20)
- Re: Length vs Complexity Walter Goulet (Sep 16)
- Message not available
- Re: Length vs Complexity Walter Goulet (Sep 17)
- Message not available
- Message not available
- Re: Length vs Complexity Walter Goulet (Sep 17)
- Re: Length vs Complexity Roger (Sep 17)
- Re: Length vs Complexity John Morrison (Sep 20)
- Re: Length vs Complexity Roger (Sep 16)