[Discuss] Most common (or Most important) privacy leaks

[sweetser at alum.mit.edu (Doug)]

The examples I provided used lower letters, upper letters, and digits.  The
differences are:

62^8 = 2.2 * 10^14
62^9 = 1.3 * 10^16
62^19 = 1.1 * 10^34

The extra 10 digits get me 18 orders of magnitude.  Entropy increases more
efficiently with the length, as xkcd explains:

http://xkcd.com/936/


On Wed, Feb 18, 2015 at 2:35 PM, Richard Pieri <richard.pieri at gmail.com>
wrote:

> On 2/18/2015 2:01 PM, Doug wrote:
>
>> The first three were set with a length of 4 and made pronounceable.  The
>> later three are 19 characters long.  I recall an article that said quite
>> specifically that length was more important that choosing diverse
>> characters.
>>
>
> The article you recall probably based it's assertion on brute force
> attacks. Mathematically, a brute force attack against 9 characters will
> take longer than it would against 8 characters but that's a very
> narrow-minded approach. There are other ways to attack passwords like known
> plaint text, dictionaries, rainbow tables and differential cryptanalysis.
> Any rule that you enforce to make one kind of attack more difficult will
> make another kind of attack less difficult.
>
>
>  Most companies don't have anyone that knows cryptography.  If you do have
>> such a person, it is hard to understand them.  I suspect lastpass is full
>> of such people who are every bit as paranoid as readers of this group.
>>
>
> Which means nothing in the face of the LastPass terms of service.
>
> --
> Rich P.
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>