Educause Security Discussion mailing list archives
Re: Password entropy
From: David Gillett <gillettdavid () FHDA EDU>
Date: Wed, 19 Jul 2006 12:22:01 -0700
Stronger? Probably not. *All other things being equal*, length almost certainly trumps complexity. More effective? Sure. It's a lot less typing, which makes it easier to get the human to *use* it. And it resists most of the possible attacker shortcuts that the use of English words and grammar subjects the longer phrase to (which effectively shorten the long phrase). Some fraction of what I lose on length, I make back on complexity, and a really strong password that people won't use doesn't do any good. David Gillett
-----Original Message----- From: Roger Safian [mailto:r-safian () NORTHWESTERN EDU] Sent: Wednesday, July 19, 2006 11:39 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Password entropy At 01:14 PM 7/19/2006, David Gillett put fingers to keyboard and wrote:If I choose"1 am not going to PAY a lot for the muffler!"as my "passphrase", *I* will probably use "1angtPalftm" as the actual *password*.I just want to be clear here. You are suggesting that the shorter phrase is stronger than the longer phrase? -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: Password entropy Basgen, Brian (Jul 19)
- <Possible follow-ups>
- Re: Password entropy Brent Sweeny (Jul 19)
- Re: Password entropy David Gillett (Jul 19)
- Re: Password entropy Buz Dale (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy scott hollatz (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy David Gillett (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy scott hollatz (Jul 19)
- Re: Password entropy Valdis Kletnieks (Jul 19)
- Re: Password entropy Dave Koontz (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
(Thread continues...)