Newbie question on encryption keys

Subject Author Date
Newbie question on encryption keys rohanm79 07-10-2007
Posted by Ari on July 14, 2007, 1:17 pm
On Sat, 14 Jul 2007 07:52:45 +0200, Ertugrul Soeylemez wrote:

>>> If the attacker does not know your password pattern (i.e. whether,
>>> where and how often you repeat), then the new password will be more
>>> secure, but not as secure as a random 16 character password (since
>>> the attacker might try guessing against repetition patterns).
>>
>> Yes, and this is the crux of the question, I suppose. Is checking for
>> repetition a common approach in password unveiling. It would seem
>> logical that it is since this would be a simple way to more easily
>> remember 16+ character passwords. Maybe not, maybe that's too tough of
>> an algorithmic equation.
>
> Maybe I would do this implicitly, by changing the order of passphrases
> to match against. Considering that a rather small percentage of people
> use repetition, I wouldn't do this explicitly.
>
> Regards,
> Ertugrul Söylemez.

I would think that repetition is more common than that.

Posted by Ertugrul Soeylemez on July 16, 2007, 12:49 am

> > Maybe I would do this implicitly, by changing the order of
> > passphrases to match against. Considering that a rather small
> > percentage of people use repetition, I wouldn't do this explicitly.
>
> I would think that repetition is more common than that.

Among passwords, which are trivial anyway, it's probably common, like
"byebye", "johnnyjohn" or "boy boy boy". You will agree that serious
passwords generally don't use repetition. Even if they do, the patterns
aren't quite as obvious.


Regards,
Ertugrul Söylemez.


-- 
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.

Posted by Ari on July 20, 2007, 6:19 pm
On Mon, 16 Jul 2007 06:49:18 +0200, Ertugrul Soeylemez wrote:

>> I would think that repetition is more common than that.
>
> Among passwords, which are trivial anyway, it's probably common, like
> "byebye", "johnnyjohn" or "boy boy boy". You will agree that serious
> passwords generally don't use repetition. Even if they do, the patterns
> aren't quite as obvious.
>
> Regards,
> Ertugrul Söylemez.

Would you consider either of these serious passwords?

6:Q?-jiF6:Q?-jiF
6:Q?-jiFFij-?Q:6

Posted by Ertugrul Soeylemez on July 25, 2007, 2:29 am

> Would you consider either of these serious passwords?
>
> 6:Q?-jiF6:Q?-jiF
> 6:Q?-jiFFij-?Q:6

Not really. Probably they are impractical to break for a random
attacker, but it's still safer to use a completely random string without
repetition. Then it also doesn't have to be so long.


Regards,
Ertugrul Söylemez.


-- 
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.

Posted by Ari on July 25, 2007, 9:58 am
On Wed, 25 Jul 2007 08:29:10 +0200, Ertugrul Soeylemez wrote:

> Among passwords, which are trivial anyway, it's probably common, like
> "byebye", "johnnyjohn" or "boy boy boy". You will agree that serious
> passwords generally don't use repetition. Even if they do, the patterns
> aren't quite as obvious.

>
>> Would you consider either of these serious passwords?
>>
>> 6:Q?-jiF6:Q?-jiF
>> 6:Q?-jiFFij-?Q:6
>
> Not really. Probably they are impractical to break for a random
> attacker, but it's still safer to use a completely random string without
> repetition. Then it also doesn't have to be so long.
>
> Regards,
> Ertugrul Söylemez.

I suppose this is the crux of my argument. On the order of practicality,
it is best to have the shortest possible password (easiest to remember).
You will need to have several (all eggs in one basket = no good), so the
shorter the better.

Unless the examples above, again rearranged so to be easily remembered
are, or combined into 32 character passwords...

Where is the point of best safety? One must assume a powerful adversary
to find that point. Or do we ever really know?
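
An added illustration of the trade-off debated in this thread, not part of any post above: a Python estimate of the guessing work a pattern-aware guesser faces for the two sample passwords, compared with an unstructured string of the same length. The attacker model (`TRANSFORMS = 4`), the 95-character printable alphabet, and the assumption that the 8-character base is uniformly random are assumptions of this example.

```python
import math
import string

# Character classes used to size the alphabet a guesser must cover (95 printable ASCII).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

# Assumed attacker model: each candidate base is tried as-is, doubled,
# tripled, and followed by its own reversal.
TRANSFORMS = 4

def alphabet_size(s):
    """Combined size of every character class that appears in s."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in s))

def smallest_unit(s):
    """Shortest prefix that, repeated a whole number of times, gives s."""
    n = len(s)
    for k in range(1, n + 1):
        if n % k == 0 and s[:k] * (n // k) == s:
            return s[:k]
    return s

def structure(pw):
    """Return (pattern, base): the shortest string the password is built from."""
    unit = smallest_unit(pw)
    if len(unit) < len(pw):
        return "repeat", unit
    half = len(pw) // 2
    if len(pw) % 2 == 0 and pw[half:] == pw[:half][::-1]:
        return "mirror", pw[:half]
    return "none", pw

def effective_bits(pw):
    """Bits of work for a guesser who enumerates bases and applies TRANSFORMS."""
    if not pw:
        raise ValueError("empty password")
    pattern, base = structure(pw)
    bits = len(base) * math.log2(alphabet_size(pw)) + math.log2(TRANSFORMS)
    return pattern, len(base), round(bits, 1)

if __name__ == "__main__":
    samples = ["6:Q?-jiF6:Q?-jiF",   # from the thread: doubled base
               "6:Q?-jiFFij-?Q:6",   # from the thread: mirrored base
               "6:Q?-jiFw2#Lp9!x"]   # constructed: 16 characters, no structure
    for pw in samples:
        print(pw, effective_bits(pw))
```

Under these assumptions both 16-character samples cost about as much to guess as their 8-character base, while the unstructured 16-character string costs roughly twice as many bits.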
