lcottrell@popmail.ucsd.edu writes:
I make a point of using at least one non-dictionary word in every passphrase I make.

Something pronounceable? Something that follows rules of some natural language, something short that could have been a word? Good, but not the whole cigar.

Last I used VMS you could get it to suggest non-word word-a-likes to use as your password. Seems terribly brute-forceable in 1994.

Adding a non-word to a pass phrase is like increasing the size of the dictionary, and if you only do one non-word then only *that* word picks up more bits of entropy in the phrase. Yes, there are bits in where you put the word, but the whole phrase did not become made of deep bits.

But my point is really that even these often-less-good-than-they-look measures are far better than what *real* people are going to do.

-kb, the Kent who wonders whether real people will ever have decent security

--
Kent Borg +1 (617) 776-6899
kentborg@world.std.com
kentborg@aol.com
Proud to claim 31:15 hours of TV viewing so far in 1994!