[Discuss] Password managers
Kent Borg
kentborg at borg.org
Wed May 6 09:57:36 EDT 2020
On 5/5/20 10:41 PM, Rich Pieri wrote:
> * Run: "pwgen -nsB ##" (where ## is typically 16 or more)
Remember that there is a *big* difference between a password that is a
password and one that is used for encryption. A password (if not reused
between sites) does not have to be particularly strong. 30-bits of
entropy is a lot for a password that has rate-limited attempts, but for
encryption where attacks which can be run in parallel it is nothing, one
should have over 100-bits. A money machine PIN has only 13-something
bits of entropy, yet I think I have only ever heard of one ATM weakness
arising from the short PINs.
-kb
More information about the Discuss
mailing list