Re: Passwords & Passphrases

[Harold Winshel <winshel () CAMDEN RUTGERS EDU>]

I may have missed some of the earlier emails but I thought that a 15
character passphrase is as secure as a 15 character random password.

For that matter, I thought the  user could use the letter "a" fifteen
times and it could be as secure as a random 15-character password or
a 15-character password such as '"I don't like the Red Sox" (I think
that's more than 15, though).

Harold


At 04:44 PM 11/19/2007, Roger Safian wrote:
> At 02:01 PM 11/19/2007, Martin Manjak put fingers to keyboard and wrote:
> >move beyond 8 characters with mixed case and special characters. I would
> >like to see us require a 15 character pass phrase which, in my view, is
> >more secure (even without complexity), and both easier to type and
> >remember.
>
> Personally I'd love to see a password minimum length of 15 characters.
>
> My fear is that a password database get's compromised, and the weak
> passwords are cracked and bad things take place.  I think that 15
> characters is a long enough string to make brute force cracking
> time consuming enough to allow us to change the passwords in
> a reasonable time-frame.
>
> I think the reality is that 15 characters will be too much for
> the community.  We'll see.
>
>
> --
> Roger A. Safian
> r-safian () northwestern edu (email) public key available on many key servers.
> (847) 491-4058   (voice)
> (847) 467-6500   (Fax) "You're never too old to have a great childhood!"

Harold Winshel
Computing and Instructional Technologies
Faculty of Arts & Sciences
Rutgers University, Camden Campus
311 N. 5th Street, Room B10 Armitage Hall
Camden NJ 08102
(856) 225-6669 (O)