[Info-vax] password strength (Re: VMS humor)
John Reagan
xyzzy1959 at gmail.com
Thu Dec 31 16:34:23 EST 2020
On Thursday, December 31, 2020 at 1:02:59 PM UTC-5, Craig A. Berry wrote:
> On 12/31/20 12:29 AM, John Reagan wrote:
>
> > The phrase "King Philip fried a pheasant on Friday!" is 7 words out of a dictionary full of words.
> > The distribution is quite predictable as each English word (yes, there are a few exceptions known
> > to Scrabble players) contains at least one vowel.
> But unless the entire phrase is in someone's password cracking
> dictionary, the fact that portions contain well-known words doesn't
> really make any difference, does it? If it did, delimiting with
> non-space characters would take care of that.
> > How did you determine 189?
> I did a quick web search and found this:
>
> <http://rumkin.com/tools/password/passchk.php>
>
> which is also something the XKCD entry below points to.
> > I'm not in the XKCD camp and fall in with Steve Gibson.
> >
> > https://www.explainxkcd.com/wiki/index.php/936:_Password_Strength
> The point of that is that length works better than funny characters at
> increasing entropy. Which was essentially my point as well.
Yes, length matters. According to https://www.security.org/how-secure-is-my-password/
one of the 16-char line-noise passwords would take 41 trillion years to brute force. Your "King Philip..."
phrase would take 2 octodecillion years to brute force (but I suspect that website didn't realize
that the passphrase was a sequence of concatenated words found in a dictionary).
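
[Added example, not part of the original message and not the code of either website mentioned in it.] The sketch below sizes the same passphrase two ways: as a per-character brute force, and as a sequence of words drawn from a dictionary. The 7776-word list size and the 16-character line-noise sample are assumptions made for illustration.

```python
import math
import string

# Assumption: attacker's wordlist size (7776 is the size of a Diceware-style list).
ASSUMED_WORDLIST_SIZE = 7776

PHRASE = "King Philip fried a pheasant on Friday!"  # phrase quoted in the thread
LINE_NOISE = "q7#Vz!2mR@x9Lp$e"                     # constructed 16-char sample

def charset_size(password):
    """Alphabet a per-character brute force must cover, by character class."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += len(string.punctuation) + 1  # 32 ASCII symbols plus space
    return size

def char_model_bits(password):
    """Search space in bits if every character is guessed independently."""
    return len(password) * math.log2(charset_size(password))

def word_model_bits(password, wordlist_size=ASSUMED_WORDLIST_SIZE):
    """Search space in bits if each whitespace-separated token is one word
    from the list. Capitalisation and trailing punctuation are ignored, and
    a grammatical sentence is not a random draw, so the real figure for a
    sentence is lower than this."""
    return len(password.split()) * math.log2(wordlist_size)

def compare(password):
    return {
        "length": len(password),
        "charset": charset_size(password),
        "char_bits": round(char_model_bits(password), 1),
        "word_bits": round(word_model_bits(password), 1),
    }

if __name__ == "__main__":
    for label, pw in (("passphrase", PHRASE), ("line noise", LINE_NOISE)):
        print(label, compare(pw))
```

Under the per-character model the passphrase looks far stronger than the line-noise sample; under the word model, with this assumed list size, it falls below the line-noise sample's per-character figure.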