Date: Thu, 20 Jun 2002 00:08:14 -0500 From: "Eric F Crist" <ecrist@adtechintegrated.com> To: "'Ryan Thompson'" <ryan@sasknow.com>, "'Bill Moran'" <wmoran@potentialtech.com> Cc: <freebsd-security@FreeBSD.ORG> Subject: RE: Password security Message-ID: <001b01c21818$7c748d10$77fe180c@armageddon> In-Reply-To: <20020619154831.Q32240-100000@ren.sasknow.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ryan Thompson wrote to Bill Moran: [...] Yes, certainly. Calculating the entropy of that beast would be a bit difficult... One could just say 26^20, but if I know (or guess) it's English, and every letter doesn't occur with nearly the same probability, it's less than that. If I happen to know your algorithm, and have a dictionary of poetry and/or lyrics handy, it's a *lot* less than that. If you can mix upper/lower and add punctuation (i.e., "Lo, Fred's chickens laid 24 eggs!" => "L,F'scl2e!", makes for a stronger password). More stats than I'd like to do at the moment. :-) [...] What I failed to point out was that, if you're using FreeBSD, which I assume you as you're posting to this group, the FreeBSD login utility still only recognizes 8 character passwords, unless you've changed that. A 20 character password will still do you no good since: ad93fj93ja@#9cjf@jfd is looked at as the exact same password as: ad93fj93e93jf!edkjie Just a thought.... Eric F Crist President/Sys Admin AdTech Integrated Systems, Inc http://www.adtechintegrated.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?001b01c21818$7c748d10$77fe180c>