Re: OT:Password strength

Theo de Raadt Wed, 03 Dec 2014 22:17:41 -0800
>From [email protected] Wed Dec  3 
>20:37:28 2014
>Delivered-To: [email protected]
>DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=fastmail.net; h= 
>message-id:x-sasl-enc:from:to:cc:mime-version 
>:content-transfer-encoding:content-type:subject:date:in-reply-to :references; 
>s=mesmtp; bh=N05hQ0kRdtamdXiI1uPUYYy4D/4=; b=iA54AY 
>ZyBQ3QX5T6ydBrioyWSy2EirHi4z0WRKUcPO8g1TG5UXqeODEtuA0N/7HR0Vfqpf 
>IxWfA/cECXnW2CRgxfbAuLyM5lC6/aNxeOYMQFWk4lvk2bG5OQ9LlI3YfD8t03aG 
>aGpj4kEdGlfRI82Ol9CYUc2K/x6LeqSGdRLZE=
>DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; 
>h=message-id:x-sasl-enc:from:to:cc 
>:mime-version:content-transfer-encoding:content-type:subject 
>:date:in-reply-to:references; s=smtpout; bh=N05hQ0kRdtamdXiI1uPU YYy4D/4=; 
>b=EmDvqWm+BO76xbaxG50X0DaOQVnloAlOTlWNz4FVQpekab134n7N 
>R2VEC9YywqMmdYI2nLDXYQ3eDh5yj0f+ordWvFaWPidz+GxTJ3EM1ZU30ywQVMPJ 
>CSbO/+h4Cw4xQklCxk602nePjo/RtEELvBXDOz1tflZDcDMoy83HG+Y=
>X-Sasl-Enc: MhT9Z3YiPDIsQoZKvCLrU99Bm5DjpuN8O7iVQLFa843l 1417664177
>From: Eric Furman <[email protected]>
>To: Brad Smith <[email protected]>
>Cc: Ted Unangst <[email protected]>, OpenBSD Misc <[email protected]>
>MIME-Version: 1.0
>Content-Transfer-Encoding: 8bit
>Content-Type: text/plain
>X-Mailer: MessagingEngine.com Webmail Interface - html
>Subject: Re: OT:Password strength
>Date: Wed, 03 Dec 2014 22:36:17 -0500
>In-Reply-To: <[email protected]>
>References: 
><1417316824.2046833.196840165.39fa2...@webmail.messagingengine.com> 
><[email protected]> 
><[email protected]>
>List-Help: <mailto:[email protected]?body=help>
>List-ID: <misc.openbsd.org>
>List-Owner: <mailto:[email protected]>
>List-Post: <mailto:[email protected]>
>List-Subscribe: <mailto:[email protected]?body=sub%20misc>
>List-Unsubscribe: <mailto:[email protected]?body=unsub%20misc>
>X-Loop: [email protected]
>Precedence: list
>Sender: [email protected]
>
>On Wed, Dec 3, 2014, at 08:27 AM, Brad Smith wrote:
>> On 11/30/14 15:20, Ted Unangst wrote:
>> > Examples:
>> >
>> > treetykaveprethicooputhedu
>> > soonataviceenoopatecoge
>> > gootrozapiceelytrithunula
>> > preezypeendothanundipeesooka
>> 
>> That defeats the purpose of the second example in the OPs question.
>
>I think I like Schneier's scheme:
>So if you want your password to be hard to guess, you should choose
>something that this process will miss. My advice is to take a sentence
>and turn it into a password. Something like "This little piggy went to
>market" might become "tlpWENT2m". That nine-character password won't be
>in anyone's dictionary. Of course, don't use this one, because I've
>written about it. Choose your own sentence -- something personal.
>https://www.schneier.com/blog/archives/2014/03/choosing_secure_1.html
>
>This scheme generates long hard passwords that are fairly easy to
>remember.
>And if I had read this article first I never would have asked my
>original question.
>Thanks to all who contributed, but I think we can kill this thread now.
Re: OT:Password strength

Reply via email to
