[Discuss] Most common (or Most important) privacy leaks

Doug sweetser at alum.mit.edu
Wed Feb 18 15:08:45 EST 2015


The examples I provided used lower letters, upper letters, and digits.  The
differences are:

62^8 = 2.2 * 10^14
62^9 = 1.3 * 10^16
62^19 = 1.1 * 10^34

The extra 10 digits get me 18 orders of magnitude.  Entropy increases more
efficiently with the length, as xkcd explains:

http://xkcd.com/936/


On Wed, Feb 18, 2015 at 2:35 PM, Richard Pieri <richard.pieri at gmail.com>
wrote:

> On 2/18/2015 2:01 PM, Doug wrote:
>
>> The first three were set with a length of 4 and made pronounceable.  The
>> later three are 19 characters long.  I recall an article that said quite
>> specifically that length was more important than choosing diverse
>> characters.
>>
>
> The article you recall probably based its assertion on brute force
> attacks. Mathematically, a brute force attack against 9 characters will
> take longer than it would against 8 characters but that's a very
> narrow-minded approach. There are other ways to attack passwords like known
> plaintext, dictionaries, rainbow tables and differential cryptanalysis.
> Any rule that you enforce to make one kind of attack more difficult will
> make another kind of attack less difficult.
>
>
>> Most companies don't have anyone that knows cryptography.  If you do have
>> such a person, it is hard to understand them.  I suspect lastpass is full
>> of such people who are every bit as paranoid as readers of this group.
>>
>
> Which means nothing in the face of the LastPass terms of service.
>
> --
> Rich P.