Homemade special personal characters on nano level to be used in passwords

[Tony Arnold]

On 11/09/12 11:04, Avi Greenbury wrote:
>>
>> What I meant was passwords which these newest super computers cannot 
>> break because there should be an endless number of characters, that is 
>> why I call in nano?
> 
> There will never be an endless number of characters unless there's an
> infinite length permitted (which there rarely is, and which would be
> unworkable in any case). However long the password is permitted to be
> in bits,  there's a maximum of 2^(length) combinations.
> 
> The usual way to make passwords more secure is to make it harder to
> try the guesses, rather than harder to construct a list of possible
> combinations. For example, you might make it such that the same user
> may try three different passwords in the space of ten minutes and
> then they're prevented from trying again without manual intervention
> from an administrator. 
> 
> This does require that the password hashes are kept secret (since
> anyone with the hash can test against it as frequently as they like),
> and the common way for passwords to be compromised is for the list of
> hashes to be.
> 
> 
> 
> If you want to be markedly more secure than can be conveniently
> achieved through normal passwords, generally you'll move up to
> certificates (perhaps with passphrases) which do essentially amount to
> incredibly long passwords.
> 

Or you move to two factor authentication where cracking the password is
of no use anyway.

Regards,
Tony.
-- 
Tony Arnold,                        Tel: +44 (0) 161 275 6093
Head of IT Security,                Fax: +44 (0) 705 344 3082
University of Manchester,           Mob: +44 (0) 773 330 0039
Manchester M13 9PL.                 Email: tony.arnold at manchester.ac.uk