On Tue, Feb 5, 2013 at 12:49 PM, Rich Kulawiec <[email protected]> wrote:
> I have a question. Please to consider the following candidate password:
>
> S.3-t=2ga+Zilg59CEkp4
>
> I'm curious as to how y'all would classify that on a scale of weak-to-strong.

It looks strong by contemporary standards - it's a mix of upper/lower/symbols, and has non-trivial length (21 is greater than the often recommended 8, 10, 12 or 16).
But there's only limited entropy in the password, so be careful of its use. Strong passwords often indicate "we should be using Public Key Cryptography".

Finally, as others have said, you also need the context. Will it be digested? Will it be persisted in a passwd-like file? Perhaps both (digested and persisted) via an HMAC an HSM? Will it directly key a cipher (never persisted)?

> Yes, I have a reason for asking, but I'd like to withhold that for the
> moment in order to gather opinions based on the merits.

Do you want some independent research/citations?

> (And fixing politics, economics, etc.? Simple. When I am Supreme
> Emperor and Lord of the...what?! Oh man...y'all are no fun at all.
> Fine. *Fine*. You ingrates will have to do it the hard way.)

I would be a benevolent dictator too. Corporate America might beg to differ....

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
