Posted Oct 18, 2011 1:42 UTC (Tue) by nlucas (subscriber, #33793)
In reply to: XKCD by dlang
Parent article: Enforcing password strength
Right, but the article doesn't say the padding must be simple things like "......" or "+++++".
You can decide to pad "dog" with "qw34rty", like "dogqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rtyqw34rty", and even if they are repetitions, I doubt this will be on any rainbow table.
The magic is just to decide on a padding that in effect is random to the attacker, like "9fe8jn" repeated 20 times, added to simple dictionary words.
The point of the article is that, as long as one doesn't copy padding techniques from a friend, they are more secure passwords than a simple random 10-character one.
The major problem with this is stupid sites that restrict password length, which by itself shows that the site's security is not trustworthy, whatever secure password you choose.