Re: how long should a password be?

2008-05-22 Thread Mark H. Wood
FWIW I usually use a gadget called 'apg' to generate random passwords. It has a mode in which it will only produce strings that are pronounceable (sometimes just barely so), which I find a great aid to memorability. For example, I can recall my home WEP key easily even though I almost never see

Re: how long should a password be?

2008-05-10 Thread Faramir
Peter Pentchev wrote: On Tue, May 06, 2008 at 04:52:31AM -0400, Faramir wrote: [snip Sven Radde's explanations about the salt] (removed the part where I say what I understood about salt) It seems that you are missing another important point

Re: how long should a password be?

2008-05-10 Thread Bill Royds
On 10-May-08, at 04:37 , Peter Pentchev wrote: It seems that you are missing another important point about the salt - it is generated randomly each and every time something needs to be encrypted :) There is no such thing as the salt value for

Re: how long should a password be?

2008-05-06 Thread Sven Radde
Hi! On Monday, 05.05.2008, at 22:58 -0400, Faramir wrote: So there are only 64 bits in an 8 character password, which can be cracked quite quickly using rainbow tables for any password. That is unlikely to work because gpg uses a random 64 bit salt as well as extended hashing. I

Re: how long should a password be?

2008-05-05 Thread Noiano
Matt Kinni wrote: Everyone says it should be as long as possible, but there comes a point where it's just impossible to remember anything longer than 20 characters. What do you think? Well IMHO you should merge together some significant (just

Re: how long should a password be?

2008-05-05 Thread Sven Radde
Hi! Matt Kinni wrote: Everyone says it should be as long as possible (...) What do you think? You might find this interesting read: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Also keep in mind that in order to attack your password, an attacker would first have to

Re: how long should a password be?

2008-05-05 Thread Faramir
Noiano wrote: Matt Kinni wrote: Everyone says it should be as long as possible, but there comes a point where it's just impossible to remember anything longer than 20 characters. What do you think? . - longer = 25 IMHO - nonsense

Re: how long should a password be?

2008-05-05 Thread Wolf Canis
Sven Radde wrote: Hi! Matt Kinni wrote: Everyone says it should be as long as possible (...) What do you think? You might find this interesting read: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html Interesting article, thanks for the link. :-) Also keep in mind that

Re: how long should a password be?

2008-05-05 Thread Wolf Canis
Bill Royds wrote: On 5-May-08, at 03:55 , Wolf Canis wrote: There are infinite possibilities. That's the trick. Not the length of a password is decisive but the quality. The quality of your password decides how much effort is necessary to hack it. Unfortunately that is not true. Since

Re: how long should a password be?

2008-05-05 Thread Bill Royds
On 5-May-08, at 03:55 , Wolf Canis wrote: There are infinite possibilities. That's the trick. Not the length of a password is decisive but the quality. The quality of your password decides how much effort is necessary to hack it. Unfortunately that is not true. Since most systems use a

re: how long should a password be?

2008-05-05 Thread vedaal
Robert J. Hansen rjh at sixdemonbag.org wrote on Mon May 5 10:36:16 CEST 2008 : Everyone says it should be as long as possible Not at all. At some point the passphrase becomes stronger than the symmetric encryption algorithm. Then it's time to stop. so, assuming 95 keyboard possibilities

Re: how long should a password be?

2008-05-05 Thread Werner Koch
On Mon, 5 May 2008 14:18, [EMAIL PROTECTED] said: So there are only 64 bits in an 8 character password, which can be cracked quite quickly using rainbow tables for any password. That is unlikely to work because gpg uses a random 64 bit salt as well as extended hashing. Salam-Shalom,

Re: how long should a password be?

2008-05-05 Thread David Shaw
On May 5, 2008, at 4:05 AM, Sven Radde wrote: Hi! Matt Kinni wrote: Everyone says it should be as long as possible (...) What do you think? You might find this interesting read: http://www.schneier.com/blog/archives/2007/01/choosing_secure.html That's a good article. See this also: