Pass-phrases vs. passwords

Ben Novack bennovack at gmail.com
Tue Feb 15 15:24:01 UTC 2005


On Wed, 16 Feb 2005 02:01:12 +1100, Robert Parker <bposs at dodo.com.au> wrote:
> On Wednesday 16 February 2005 00:52, you wrote:
> > Even though this comes from a tainted source, it's still an
> > interesting discussion about the use of "pass phrases" vs. passwords:
> >
> > "Do you see a pattern here?  Pass-phrase LENGTH, not complexity
> > defeats these attacks.  Short, but complex passwords should be shunned
> > as they are not truly secure anymore and you are deceiving yourself if
> > you think they are.  Long pass-phrases (14 characters or more) are the
> > future (along with 2-factor or more authN, but that's another blog for
> > another day) and are the only way to go if you want to ensure that you
> > won't get hacked via any type of password based attack of any kind."
> 
> Ok, it's fairly obvious that the longer your password the more secure. Even
> if you want to call your long password a passphrase that's fine. But, the
> last I heard, Windows folds everything to upper case and truncates the pw/pp
> to 8 characters anyway. If that's true, any use of a passphrase in that
> system is just delusional.
> 
> I very happily can't speak from experience here, I do have a Windows
> partition but have not booted it for the last 25 months.

The WinXP login, if nothing else, allows at least a dozen or so
characters and I'm pretty sure it retains case as well.

For myself, I'm a big fan of passphrases; my pre-Ubuntu root password
was a reasonably long string that I could tack a reminder of up in
plain sight without giving it away.



