funsec mailing list archives

Re: While we're all trying to fix politics, economics, etc.


From: Jeffrey Walton <noloader () gmail com>
Date: Tue, 5 Feb 2013 14:09:19 -0500

On Tue, Feb 5, 2013 at 12:49 PM, Rich Kulawiec <rsk () gsp org> wrote:
> I have a question.  Please to consider the following candidate password:
>
>         S.3-t=2ga+Zilg59CEkp4
>
> I'm curious as to how y'all would classify that on a scale of weak-to-strong.

It looks strong by contemporary standards - it's a mix of
upper/lower/symbols, and has non-trivial length (21 is greater than
the often recommended 8, 10, 12 or 16).

But there's only limited entropy in the password, so be careful of its
use. Strong passwords often indicate "we should be using Public Key
Cryptography".

Finally, as others have said, you also need the context. Will it be
digested? Will it be persisted in a passwd-like file? Perhaps both
(digested and persisted) via an HMAC an HSM? Will it directly key a
cipher (never persisted)?

> Yes, I have a reason for asking, but I'd like to withhold that for the
> moment in order to gather opinions based on the merits.

Do you want some independent research/citations?

> (And fixing politics, economics, etc.?  Simple.  When I am Supreme
> Emperor and Lord of the...what?!  Oh man...y'all are no fun at all.
> Fine.  *Fine*.  You ingrates will have to do it the hard way.)

I would be a benevolent dictator too. Corporate America might beg to differ....

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

