On Thu, Feb 10, 2011 at 1:49 PM, David Lum <[email protected]> wrote:
> One method is to take acronyms from your favorite hobby and string them
> together ...

This is a valid and good technique for generating a longer password. However, one must remain aware that human language has **VERY LOW RANDOMNESS**. A 16 byte (128 bit) key based on human language is **NOT** the same as a 16 byte truly random key.

Exact numbers vary, but Wikipedia quotes figures from 0.6 to 1.5 bits of entropy (randomness) per character for English. Let's split the difference and assume 1 bit per character. That means a 16 character pure English language password is roughly equivalent to a 16 bit private key. The deliberately broken crypto used in "US export approved" software in the 1990s, generally considered to be worthless, still had a 40 bit keyspace.

> Personally I use a passphrase with correct punctuation – it gives upper
> case, lower case, and special character.

That's what I prefer. Easier to type for me, and generates a longer password more easily. As MBS has illustrated, password length can be more important than pure complexity, if you're basing it on human language. Bigger rainbow tables.

-- Ben
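
The estimate in the message above, carried through as an added example (not part of the original post): it applies the quoted 0.6 to 1.5 bits-per-character range to a 16 character password and works out how long an English-based passphrase must be to reach the 40 bit and 128 bit keyspaces mentioned. The function names and the table layout are assumptions made for illustration.

```python
import math

# Bits of entropy per character of English, as quoted in the post
# (0.6 to 1.5, with 1.0 as the post's working assumption).
ENGLISH_BITS_PER_CHAR = {"low": 0.6, "assumed": 1.0, "high": 1.5}

# Reference keyspaces named in the post.
TARGET_BITS = {"export_40": 40, "random_16_bytes": 128}


def equivalent_key_bits(length_chars: int, bits_per_char: float) -> float:
    """Estimated entropy, in bits, of a language-based password."""
    return length_chars * bits_per_char


def chars_needed(target_bits: int, bits_per_char: float) -> int:
    """Shortest language-based password whose estimate reaches target_bits."""
    return math.ceil(target_bits / bits_per_char)


def sizing_table(length_chars: int = 16) -> list[dict]:
    """One row per entropy estimate: what the given length is worth,
    and the length required to match each reference keyspace."""
    rows = []
    for label, bpc in ENGLISH_BITS_PER_CHAR.items():
        row = {
            "estimate": label,
            "bits_per_char": bpc,
            "equivalent_bits": equivalent_key_bits(length_chars, bpc),
        }
        for name, target in TARGET_BITS.items():
            row["chars_for_" + name] = chars_needed(target, bpc)
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in sizing_table(16):
        print(row)
```

Even at the optimistic 1.5 bits per character, a language-based passphrase needs 27 characters to match the 40 bit export-grade keyspace, which is the arithmetic behind preferring length.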
