On 2/18/2015 2:01 PM, Doug wrote:
The first three were set with a length of 4 and made pronounceable. The later three are 19 characters long. I recall an article that said quite specifically that length was more important that choosing diverse characters.
The article you recall probably based it's assertion on brute force attacks. Mathematically, a brute force attack against 9 characters will take longer than it would against 8 characters but that's a very narrow-minded approach. There are other ways to attack passwords like known plaint text, dictionaries, rainbow tables and differential cryptanalysis. Any rule that you enforce to make one kind of attack more difficult will make another kind of attack less difficult.
Most companies don't have anyone that knows cryptography. If you do have such a person, it is hard to understand them. I suspect lastpass is full of such people who are every bit as paranoid as readers of this group.
Which means nothing in the face of the LastPass terms of service. -- Rich P. _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss
