[SOT] {FWD} [Dailydave] Don't use vowels in passwords! (fwd)

Guido Witmond guido at witmond.nl
Tue Nov 12 13:48:40 PST 2013

On 11/12/13 22:16, Cathal Garvey wrote:

> A password of good length, stored using a *password hash*, is pretty
> secure against attack. 'Good length' here is 20 characters or more, if
> you ask me..but the "true" entropy of a passphrase is not merely the
> length or character value, but number of words. So a 4-word
> 20-character passphrase is probably slightly weaker than a 5-word one,
> because pattern-based or markov-based brute-forcers may have an easier
> time working through 4-character passphrases.

With an average of 5 important sites and 50 less important site per
person, it requires people to *remember* 55 totally different 20
character passwords.

The number of trivia that people can remember in short term memory is 7
plus or minus 2. 55 is way to much to remember.

The world needs to forget passwords as remote identification and move on
to client certificates. Preferably, a separate client certificate for
each site. It takes only a small browser plug in to make it easy.

Regards, Guido.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 897 bytes
Desc: OpenPGP digital signature
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20131112/da61f5a5/attachment-0002.sig>

More information about the cypherpunks mailing list