funsec mailing list archives

Re: xkcd on password strength


From: Mouse <mouse () rodents-montreal org>
Date: Wed, 10 Aug 2011 14:00:54 -0400 (EDT)

http://xkcd.com/936/

Too true.  Also too bad that so many sites limit you to 14-16
characters ...

Yeah, if I have to use something that's hard to remember, I'm going to
do something like

dd if=/dev/urandom bs=1 count=8 | hexdump -v -e '1/1 "%02x"' | cvtbase x "`count from 33 to 126 | code-to-char`"

and just deal with memorizing =m%bDf<-%L or )s}lbsTDYI or the like
(those are two real results of running the above command).  Not all
that easy to memorize, but not all _that_ much harder than Tr0ub4dor&3,
and substantially more secure.

Better yet, of course, would be to simply refuse to have anything to do
with organizations that demand you use passwords rather than something
like ssh identities that at least have the _potential_ to provide real
security.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse () rodents-montreal org
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
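
Added example, not part of the original message or of the list archive: the same idea as the pipeline in the post (8 bytes from the OS random source, rewritten in base 94 over printable ASCII 33 to 126) using only the Python standard library. It assumes cvtbase rewrites its hex input in the base defined by the digit string it is given; the function names and the fixed-width padding are this example's own choices.

```python
import secrets

# Printable ASCII 33..126 ('!' to '~'): the 94-symbol digit string the
# pipeline builds with "count from 33 to 126 | code-to-char".
ALPHABET = "".join(chr(c) for c in range(33, 127))


def to_base(n, alphabet=ALPHABET, width=0):
    """Render non-negative int n in base len(alphabet), most significant
    digit first, left-padded with the zero digit to at least `width`."""
    if n < 0:
        raise ValueError("n must be non-negative")
    digits = []
    while n:
        n, r = divmod(n, len(alphabet))
        digits.append(alphabet[r])
    return "".join(reversed(digits)).rjust(max(width, 1), alphabet[0])


def full_width(nbytes, base=len(ALPHABET)):
    """Smallest digit count that can hold every nbytes-byte value."""
    top = (1 << (8 * nbytes)) - 1
    width = 1
    while base ** width <= top:
        width += 1
    return width


def random_password(nbytes=8):
    """nbytes from the OS CSPRNG (as /dev/urandom supplies in the post),
    written in base 94 at a fixed width."""
    n = int.from_bytes(secrets.token_bytes(nbytes), "big")
    return to_base(n, width=full_width(nbytes))


if __name__ == "__main__":
    pw = random_password()
    print(pw, f"({len(pw)} characters from 64 random bits)")
    # 94**10 > 2**64 > 94**9, so the leading digit never exceeds index 32.
    print("largest possible first character:", to_base(2**64 - 1)[0])
```

Because 2**64 falls between 94**9 and 94**10, the first character only ranges over '!' through 'A', so the result carries exactly 64 bits rather than the roughly 65.5 bits that ten free base-94 characters would hold.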

