Pass-phrases vs. passwords
Eric Dunbar
eric.dunbar at gmail.com
Tue Feb 15 15:34:53 UTC 2005
On Tue, 15 Feb 2005 10:24:01 -0500, Ben Novack <bennovack at gmail> wrote:
> On Wed, 16 Feb 2005 02:01:12 +1100, Robert Parker <bposs at dodo> wrote:
> > On Wednesday 16 February 2005 00:52, you wrote:
> > > Even though this comes from a tainted source, it's still an
> > > interesting discussion about the use of "pass phrases" vs. passwords:
> > >
> > > "Do you see a pattern here? Pass-phrase LENGTH, not complexity
> > > defeats these attacks. Short, but complex passwords should be shunned
> > > as they are not truly secure anymore and you are deceiving yourself if
> > > you think they are. Long pass-phrases (14 characters or more) are the
> > > future (along with 2-factor or more authN, but that's another blog for
> > > another day) and are the only way to go if you want to ensure that you
> > > won't get hacked via any type of password based attack of any kind."
> >
> > Ok, it's fairly obvious that the longer your password the more secure. Even
> > if you want to call your long password a passphrase that's fine. But, the
> > last I heard, Windows folds everything to upper case and truncates the pw/pp
> > to 8 characters anyway. If that's true, any use of a passphrase in that
> > system is just delusional.
> >
> > I very happily can't speak from experience here, I do have a Windows
> > partition but have not booted it for the last 25 months.
>
> The WinXP login, if nothing else, allows at least a dozen or so
> characters and I'm pretty sure it retains case as well.
According to that URL and some other sites I read today, Windows XP
does 128 character passwords. The specs apparently called for a 256
character password but the designers forgot about the little problem
of extended, 16 bit character sets ;P
Eric.
More information about the ubuntu-users
mailing list