Linked by Howard Fosdick on Sat 10th Nov 2012 07:28 UTC
Bugs & Viruses If you want to ensure you have adequate passwords but don't have the time or interest to study the topic, there's a useful basic article on how to devise strong passwords over at the NY Times. It summarizes key points in 9 simple rules of thumb. Also see the follow-up article for useful reader feedback. Stay safe!
Thread beginning with comment 541944
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: Comment by Luminair
by Luminair on Sun 11th Nov 2012 09:19 UTC in reply to "RE: Comment by Luminair"
Luminair
Member since:
2007-03-30

those passphrases are long enough to be secure even with all lower case letters and english words. they will not be brute forced or dictionary attacked because it would take too long.

Reply Parent Score: 2

RE[3]: Comment by Luminair
by UltraZelda64 on Sun 11th Nov 2012 11:14 in reply to "RE[2]: Comment by Luminair"
UltraZelda64 Member since:
2006-12-05

Maybe so, but I'd prefer to play it safe and use more than just primarily lower-case letters. IMO, they could be a lot better.

Edited 2012-11-11 11:17 UTC

Reply Parent Score: 2

RE[3]: Comment by Luminair
by Laurence on Mon 12th Nov 2012 12:32 in reply to "RE[2]: Comment by Luminair"
Laurence Member since:
2007-03-26

those passphrases are long enough to be secure even with all lower case letters and english words. they will not be brute forced or dictionary attacked because it would take too long.

They would be dictionary attacked easily.

Modern dictionary attacks are designed to target passphrases just like that.

I've discussed dictionary attacks earlier in this thread, so have a read through that. Alternatively, read an account from some professionals in the field: http://arstechnica.com/security/2012/08/passwords-under-assault/

Reply Parent Score: 2

RE[4]: Comment by Luminair
by Luminair on Mon 12th Nov 2012 18:56 in reply to "RE[3]: Comment by Luminair"
Luminair Member since:
2007-03-30

so far I've got no proof of what I said, and you've got proof of what I said. not looking good for you so far, but thanks:

passwords longer than nine or 10 characters require rainbow tables with unwieldy file sizes. That leaves only a small sweet spot of seven or eight characters where rainbow tables are especially useful these days.


Reply Parent Score: 1