-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Somebody in the thread at some point said: | On Sat, May 31, 2008 at 2:04 AM, Vinc Duran <[EMAIL PROTECTED]> wrote: |> You could make it longer too. I mean you could require receiving multiple |> sms's. It could be a very long key. |> | | Why bother? | Even using only alphanumeric characters (I've counted 62 characters) | there are more than 10^216 possible keys [1]. That means that somebody
I read an provocative estimate a year or so ago that each extra character of a password adds only on average 1.5 bits of entropy to it. ~ Considering how most passwords are formed from dictionary words, albeit slightly modified or appended, it sounds about right. And that's ignoring the passwords that are some variation of 1234, "password", or are to be found underneath the keyboard[1], etc. - -Andy [1] The case in Zaavi shop in Oxford Street, London I was amused to discover recently. And the Three shop in Kettering actually had their login credentials laminated and pinned to the wall for all to read -- how many bits of entropy is that despite the huge "password space" that could exist? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkhBb6oACgkQOjLpvpq7dMox6wCeMCjL5GzEJ+lL9SCpsZKpvEaM YUIAoI1T7uA2UksfVR9DK7fu1AqJLsMi =N8nt -----END PGP SIGNATURE----- _______________________________________________ Openmoko community mailing list [email protected] http://lists.openmoko.org/mailman/listinfo/community
