On 10/12/2011 01:41 PM, Richard Hughes wrote:
> On 12 October 2011 17:44, Kevin Fenzi<ke...@scrye.com>  wrote:
>> * Nine or more characters with lower and upper case letters, digits and
>>   punctuation marks.
>> * Ten or more characters with lower and upper case letters and digits.
>> * Twelve or more characters with lower case letters and digits
>> * Twenty or more characters with all lower case letters.
>
> This is just insane. My existing password is 8 digits and
> alphanumeric, and given that I have to enter it over and over again
> (and prove "I'm human", another WTF) when creating updates I'm really
> wondering if I want to bother.

Length beats out larger character set, which is nicely illustrated by 
the XKCD cartoon

http://imgs.xkcd.com/comics/password_strength.png

Considering that it's hard to type a wide character set (I probably 
touch-type '&' correctly about 70% of the time), I actually like long 
alpha passwords.

It is strange though that the complexity of the new requirements varies 
so much:

(24+24+10+12)^9  or 4.0354e+16
(24+24+10)^10    or 4.3080e+17
(24+24)^12       or 1.4959e+20
(24)^20          or 4.0200e+27

except, of course, the alphabetic strings aren't likely to be purely 
random but rather dictionary words, which would reduce the complexity 
spread.

Richard's complexity is (24+24+10)^8, or 1.2806e+14 which is not that 
much worse than the low end. We all know that he'll just add '1' to his 
existing password :)



except, of course, the alphabetic strings aren't going to be purely 
random but rather dictionary words, which would reduce the complexity 
spread.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
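
An added example, not part of the original message: a checker for the four tiers quoted in the thread, with an upper bound on brute-force entropy when characters are chosen uniformly at random. It assumes the ASCII class sizes from Python's `string` module (26 letters, 10 digits, 32 punctuation marks), so its figures differ from those in the message, and it assumes a tier accepts character classes beyond the ones it requires; the function names are hypothetical.

```python
import math
import string

# Character classes (ASCII; taken from Python's string module).
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "punct": string.punctuation,
}

# The four tiers quoted in the thread: (minimum length, classes that must appear).
# Assumption: classes beyond the required ones are allowed in any tier.
TIERS = [
    (9, {"lower", "upper", "digit", "punct"}),
    (10, {"lower", "upper", "digit"}),
    (12, {"lower", "digit"}),
    (20, {"lower"}),
]

def classes_used(password):
    """Return the set of class names that occur in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}

def matching_tier(password):
    """Return the first tier (min_len, classes) the password satisfies, or None."""
    used = classes_used(password)
    for min_len, required in TIERS:
        if len(password) >= min_len and required <= used:
            return (min_len, required)
    return None

def brute_force_bits(password):
    """Upper bound in bits, assuming every character is drawn uniformly at
    random from the classes present. Dictionary words fall below this bound."""
    alphabet = sum(len(CLASSES[name]) for name in classes_used(password))
    return len(password) * math.log2(alphabet) if alphabet else 0.0

def tier_floor_bits(min_len, required):
    """Bits for the shortest uniformly random password a tier accepts."""
    return min_len * math.log2(sum(len(CLASSES[n]) for n in required))

if __name__ == "__main__":
    # Constructed sample passwords, not taken from the thread.
    for pw in ["abc12345", "abc123456789", "correcthorsebatterystaple"]:
        print(pw, matching_tier(pw), round(brute_force_bits(pw), 1))
    for min_len, required in TIERS:
        print(min_len, sorted(required), round(tier_floor_bits(min_len, required), 1))
```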
