RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!
From: Banta, Will (Will.Banta_at_broadwing.com)
Date: 10/19/04
- Previous message: Georgi Guninski: "[Full-Disclosure] Re: Web browsers - a mini-farce"
- Maybe in reply to: RandallM: "[Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Next in thread: Frank Knobbe: "RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Reply: Frank Knobbe: "RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <full-disclosure@lists.netsys.com> Date: Tue, 19 Oct 2004 15:15:22 -0500
Wow! Three-year-olds are supposed to have a vocab of 500+ words....
-----Original Message-----
From: full-disclosure-admin@lists.netsys.com
[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Pavel
Kankovsky
Sent: Sunday, October 17, 2004 2:21 PM
To: full-disclosure@lists.netsys.com
Subject: Re: [Full-Disclosure] Senior M$ member says stop using
passwords completely!
On Sat, 16 Oct 2004, Frank Knobbe wrote:
> It's a nice recommendation of MS to make (to use long passphrases
> instead of passwords). But I don't consider 14 chars a "passphrase".
> Perhaps they should enable more/all password components to handle much
> longer passwords/phrases.
A passphrase consisting of 7 words and 12 bits of entropy per a word is
as guessable as a password with 14 characters and 6 bits of entropy per
a character. You get 84 bits of total entropy in both cases.
The only advantage of passphrases is that lusers might find long random
sequences of words easier to remember than long random sequences of
characters.
(But wait: 12 bits of entropy per a word--this is equivalent to a
uniform choice of one word out of 4096. 4 thousand? That might exceed an
average luser's vocabulary by an order of magnitude! ;>)
--Pavel Kankovsky aka Peak [ Boycott
Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your
source code and prepare for assimilation."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: Georgi Guninski: "[Full-Disclosure] Re: Web browsers - a mini-farce"
- Maybe in reply to: RandallM: "[Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Next in thread: Frank Knobbe: "RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Reply: Frank Knobbe: "RE: [Full-Disclosure] Senior M$ member says stop using passwords completely!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
