Re: Newbie question on encryption keys
- From: Ertugrul Soeylemez <do-not-spam-me@xxxxxxxx>
- Date: Sat, 28 Jul 2007 02:01:26 +0200
Ari <arisilverstein@xxxxxxxxx> (07-07-25 09:58:10):
Would you consider either of these serious passwords?
6:Q?-jiF6:Q?-jiF
6:Q?-jiFFij-?Q:6
Not really. Probably they are impractical to break for a random
attacker, but it's still safer to use a completely random string
without repetition. Then it also doesn't have to be so long.
I suppose this is the crux of my argument. On the order of
practicality, it is best to have the shortest possible password
(easiest to remember). You will need to have several (all eggs in one
basket = no good). so the shorter the better.
Unless the examples above, again rearranged so to be easily remembered
are, or combined into 32 character passwords...
Where is the point of best safety? One must assume a powerful
adversary to find that point. Or do we ever really know?
You have to assume that every attacker already has some information
about you or your password. Probably he knows that you are using
repetition patterns in all or many of your passwords, which makes
attacking it much easier.
Think of your adversary standing behind you while you type in your
password. He doesn't see what password you're typing, but he certainly
hears the repetition patterns. If you're using SSH challenge-response
authentication, then he might even sniff the traffic to find that out,
because it reveals the pauses between key-presses.
Regards,
Ertugrul Söylemez.
--
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
.
- Follow-Ups:
- Re: Newbie question on encryption keys
- From: Ari
- Re: Newbie question on encryption keys
- From: rgesw
- Re: Newbie question on encryption keys
- References:
- Newbie question on encryption keys
- From: rohanm79
- Re: Newbie question on encryption keys
- From: Mark Shroyer
- Re: Newbie question on encryption keys
- From: rohanm79
- Re: Newbie question on encryption keys
- From: Mark Shroyer
- Re: Newbie question on encryption keys
- From: Ari
- Re: Newbie question on encryption keys
- From: Ertugrul Soeylemez
- Re: Newbie question on encryption keys
- From: Ari
- Re: Newbie question on encryption keys
- From: Ertugrul Soeylemez
- Re: Newbie question on encryption keys
- From: Ari
- Re: Newbie question on encryption keys
- From: Ertugrul Soeylemez
- Re: Newbie question on encryption keys
- From: Ari
- Re: Newbie question on encryption keys
- From: Ertugrul Soeylemez
- Re: Newbie question on encryption keys
- From: Ari
- Newbie question on encryption keys
- Prev by Date: IF-TNCCS-SOH Agent
- Next by Date: Re: Newbie question on encryption keys
- Previous by thread: Re: Newbie question on encryption keys
- Next by thread: Re: Newbie question on encryption keys
- Index(es):
Relevant Pages
|
