[Discuss] Most common (or Most important) privacy leaks

[richard.pieri at gmail.com (Richard Pieri)]

On 2/18/2015 2:01 PM, Doug wrote:
> The first three were set with a length of 4 and made pronounceable.  The
> later three are 19 characters long.  I recall an article that said quite
> specifically that length was more important that choosing diverse
> characters.

The article you recall probably based it's assertion on brute force 
attacks. Mathematically, a brute force attack against 9 characters will 
take longer than it would against 8 characters but that's a very 
narrow-minded approach. There are other ways to attack passwords like 
known plaint text, dictionaries, rainbow tables and differential 
cryptanalysis. Any rule that you enforce to make one kind of attack more 
difficult will make another kind of attack less difficult.


> Most companies don't have anyone that knows cryptography.  If you do have
> such a person, it is hard to understand them.  I suspect lastpass is full
> of such people who are every bit as paranoid as readers of this group.

Which means nothing in the face of the LastPass terms of service.

-- 
Rich P.