Unix links subverting Web security
> only one type of password that is acceptable today: random gibberish (mean
> gibberish - nothing phonetic even) created by an RNG seeded by a
> non-deterministic source (some good ones available). A really random 8 char
> passwd will make brute force attack not much fun. Now do this with 12 char
Unfortunately, a completely random password will make the "walk
casually around in the office memorizing all the passwords written
on post-it notes on the walls" attack work even better than it
normally does. You win some, you lose some. Allowing long
passphrases (PGP model, for instance) seems a better solution;
a somewhat higher plane in the tradeoff-space.
DC (hoping he hasn't accidentally started the Password Thread)