[Discuss] Most common (or Most important) privacy leaks
Richard Pieri
richard.pieri at gmail.com
Wed Feb 18 14:35:02 EST 2015
On 2/18/2015 2:01 PM, Doug wrote:
> The first three were set with a length of 4 and made pronounceable. The
> later three are 19 characters long. I recall an article that said quite
> specifically that length was more important that choosing diverse
> characters.
The article you recall probably based it's assertion on brute force
attacks. Mathematically, a brute force attack against 9 characters will
take longer than it would against 8 characters but that's a very
narrow-minded approach. There are other ways to attack passwords like
known plaint text, dictionaries, rainbow tables and differential
cryptanalysis. Any rule that you enforce to make one kind of attack more
difficult will make another kind of attack less difficult.
> Most companies don't have anyone that knows cryptography. If you do have
> such a person, it is hard to understand them. I suspect lastpass is full
> of such people who are every bit as paranoid as readers of this group.
Which means nothing in the face of the LastPass terms of service.
--
Rich P.
More information about the Discuss
mailing list