On 27-06-2014 11:50, Stefan Wollny wrote:
> Hi misc@-readers!
>
> I have once more read man afterboot(8) and a question came up related
> to the superuser's password.
>
> In section 'root password' advisory is given to "choose a password
> that has digits and special characters (not space)". This last advice
> is what I do not understand - all of my passwords have spaces,
> including root's, and I never noticed any drawbacks. Actually I
> consider spaces within a password to be a security feature making it a
> 'passphrase' which should be harder to crack (yes - it is a looong
> password for root ;-) )
>
> Now: Is this advice in afterboot(8) 'out-of-date' or am I just lucky?
>
> STEFAN
>
Perhaps you should take a look at this funny and very accurate xkcd
comic strip:

http://xkcd.com/936/

Passwords are all about entropy. Spaces and special characters don't mean
much for brute force attacks. If you take a look at the newest, state
of the art password cracking tools, you'll find that they are very, very
good at guessing passwords. I believe that using long phrases composed
of random words as passwords is way more effective than these special,
punctuation, spaces, passwords. But, that's me. Don't take my word for
it. The man page still does give good advice, especially because the
cryptography used on the OpenBSD passwords is much stronger than other
OSes. Take a look at the crypt(3) man page. You'll see that you can have a
password with 72 characters. I believe that cryptographic attacks on the
hashing are very hard. And remote attacks on your machine are unlikely.
But remember, it's all about entropy.

Cheers,

-- 
Giancarlo Razzolini
GPG: 4096R/77B981BC
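
The entropy comparison from the message above, as an added example that is not part of the original thread: it measures random-word passphrases against random-character passwords and rejects phrases over the 72-character limit mentioned for crypt(3). The word list, function names and the choice to count the limit in bytes are assumptions made for illustration.

```python
import math
import secrets

MAX_PASSWORD_BYTES = 72  # limit the post cites from crypt(3); counted in bytes here

# Constructed 16-word list so the example runs offline; a usable list has thousands.
SAMPLE_WORDS = [
    "anchor", "basket", "copper", "dragon", "ember", "forest", "garden", "harbor",
    "island", "jungle", "kettle", "lantern", "meadow", "needle", "orchard", "pepper",
]


def entropy_bits(choices: int, picks: int) -> float:
    """Bits of entropy in `picks` independent, uniform draws from `choices` options.

    Only valid when a CSPRNG makes the picks; a phrase a person thinks up has less.
    """
    return picks * math.log2(choices)


def words_needed(target_bits: float, list_size: int) -> int:
    """Smallest number of random words that reaches `target_bits`."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(words, count, sep=" "):
    """Draw `count` words with the OS CSPRNG and reject phrases over the limit."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate words lower the real entropy")
    phrase = sep.join(secrets.choice(words) for _ in range(count))
    if len(phrase.encode("utf-8")) > MAX_PASSWORD_BYTES:
        raise ValueError("passphrase exceeds the 72-byte limit")
    return phrase


if __name__ == "__main__":
    # 8 random characters from the 94 printable ASCII symbols (space excluded)
    print(f"8 random chars : {entropy_bits(94, 8):.1f} bits")
    # 4 and 6 random words from a 2048-word list (11 bits per word)
    print(f"4 random words : {entropy_bits(2048, 4):.1f} bits")
    print(f"6 random words : {entropy_bits(2048, 6):.1f} bits")
    print(f"words for 80 bits from 2048: {words_needed(80, 2048)}")
    print("sample:", make_passphrase(SAMPLE_WORDS, 4))
```

The figures hold only for uniformly random picks, so the separator and the word list can be public without lowering them.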
