It mentions both dictionaries and common words actually.

Sent from my Android

On Apr 16, 2011 12:01 PM, "Alberto Treviño" <[email protected]> wrote:
> On Saturday, April 16, 2011 8:40:27 AM AJ ONeal wrote:
>> This is near and dear to my heart so I had to evangelize:
>> http://www.baekdal.com/tips/password-security-usability
>>
>> I disagree only slightly in that
>>
>> * lookup tables for any password less than 12 characters are readily
>>   available
>> * devices can be tried several hundred times a second
>>
>> The counter argument:
>>
>> * If the attacker has physical access to the device or database in the
>>   first place, all bets are off
>>
>> And, of course, the best password is the one that you can stick on the
>> sticky note and no one will be any the wiser:
>>
>> "Call John at 6:30"
>> "Meeting on Tuesday"
>> "mail dropoff before 5"
>
> This approach has problems too. First, many systems don't like spaces or
> other special characters in their passwords. Websites are notorious for
> this. Also, some systems have limits on how long a password can be.
>
> Another problem is being able to type your password correctly every time.
> The longer the password, the more likely you are to make a mistake. If you
> make a mistake, you have to retype the password, which, if set to a long
> phrase, will take a long time. If you still can't get it right, you may lock
> yourself out.
>
> The article also doesn't mention how long it would take to do a dictionary
> lookup on a password that uses dictionary words. So even though it may take
> a long time with a brute force attack, it may not take very long with a
> dictionary attack with word combinations. This sounds like a good research
> opportunity. :-D
>
> --
> Alberto Treviño
> BYU Testing Center
> Brigham Young University
> [email protected]
> --------------------
> BYU Unix Users Group
> http://uug.byu.edu/
>
> The opinions expressed in this message are the responsibility of their
> author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
> ___________________________________________________________________
> List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
