Educause Security Discussion mailing list archives
Re: Password entropy
From: Roger Safian <r-safian () NORTHWESTERN EDU>
Date: Thu, 20 Jul 2006 08:26:07 -0500
At 06:42 PM 7/19/2006, Basgen, Brian put fingers to keyboard and wrote:
Roger,the shorter phrase is stronger than the longer phrase?I think that is questionable. One would have to work out the entropy. One thing to think about is that effective cracking would need to target phrases versus passwords. Thus, one could make an argument for security through obscurity, since most crackers target passwords (and thus mnemonics) the phrase approach is stronger. Also, consider that depending on the cracking approach, either each letter is a factor in the entropy (passwords) or each word is a factor (in pass phrases): an important difference here is that characters have a limited amount of variation (in a good scenario, 96 variations), while words could theoretically have 500,000 variations, which significantly alters the math! :) In the absence of math on entropy for passphrases, I tend to think they are stronger (and easier).
Just to be clear, this was the very point I was making, which was why I asked the question in the first place. -- Roger A. Safian r-safian () northwestern edu (email) public key available on many key servers. (847) 491-4058 (voice) (847) 467-6500 (Fax) "You're never too old to have a great childhood!"
Current thread:
- Re: Password entropy, (continued)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy David Gillett (Jul 19)
- Re: Password entropy Roger Safian (Jul 19)
- Re: Password entropy scott hollatz (Jul 19)
- Re: Password entropy Valdis Kletnieks (Jul 19)
- Re: Password entropy Dave Koontz (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Basgen, Brian (Jul 19)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Graham Toal (Jul 20)
- Re: Password entropy Valdis Kletnieks (Jul 20)
- Re: Password entropy Basgen, Brian (Jul 20)
- Re: Password entropy Roger Safian (Jul 20)
- Re: Password entropy Basgen, Brian (Jul 20)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Harold Winshel (Jul 20)
- Re: Password entropy Graham Toal (Jul 21)
(Thread continues...)