Re: While we're all trying to fix politics, economics, etc.

["Blanchard, Michael (InfoSec)" <michael.blanchard () emc com>]

if it's a password a *HUMAN* has to enter, they'll never remember it and probably write it down somewhere which would 
make it very weak.

If you can 100% guarantee that said human will keep it in a password safe and simply cut and paste it into the password 
it would be much stronger, to very strong

If a HUMAN never has to enter it by hand, and it's only used by a machine, and is encrypted at rest (in code or 
wherever), then it's very strong.

 Just my 2 cents :-)

Michael P. Blanchard
Senior Security Engineer, CISSP, GCIH, CCSA-NGX, MCSE
Cyber Security Services
EMC ² Corporation
32 Coslin Drive
Southboro, MA 01772


-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On Behalf Of Rich Kulawiec
Sent: Tuesday, February 05, 2013 12:50 PM
To: funsec () linuxbox org
Subject: [funsec] While we're all trying to fix politics, economics, etc.

I have a question.  Please to consider the following candidate password:

        S.3-t=2ga+Zilg59CEkp4

I'm curious as to how y'all would classify that on a scale of weak-to-strong.

Yes, I have a reason for asking, but I'd like to withhold that for the
moment in order to gather opinions based on the merits.

(And fixing politics, economics, etc.?  Simple.  When I am Supreme
Emperor and Lord of the...what?!  Oh man...y'all are no fun at all.
Fine.  *Fine*.  You ingrates will have to do it the hard way.)

---rsk
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.