User: Password:
|
|
Subscribe / Log in / New account

Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30

From:  Przemek Klosowski <przemek.klosowski-AT-nist.gov>
To:  Development discussions related to Fedora <devel-AT-lists.fedoraproject.org>
Subject:  Re: Subject: IMPORTANT: Mandatory password and ssh key change by 2011-11-30
Date:  Wed, 12 Oct 2011 14:37:44 -0400
Message-ID:  <4E95DE78.2020107@nist.gov>
Archive-link:  Article

On 10/12/2011 01:41 PM, Richard Hughes wrote:
> On 12 October 2011 17:44, Kevin Fenzi<kevin@scrye.com>  wrote:
>> * Nine or more characters with lower and upper case letters, digits and
>>   punctuation marks.
>> * Ten or more characters with lower and upper case letters and digits.
>> * Twelve or more characters with lower case letters and digits
>> * Twenty or more characters with all lower case letters.
>
> This is just insane. My existing password is 8 digits and
> alphanumeric, and given that I have to enter it over and over again
> (and prove "I'm human", another WTF) when creating updates I'm really
> wondering if I want to bother.

Length beats out larger character set, which is nicely illustrated by 
the XKCD cartoon

http://imgs.xkcd.com/comics/password_strength.png

Considering that it's hard to type a wide character set (I probably 
touch-type '&' correctly about 70% of the time), I actually like long 
alpha passwords.

It is strange though that the complexity of the new requirements varies 
so much:

(24+24+10+12)^9  or 4.0354e+16
(24+24+10)^10    or 4.3080e+17
(24+24)^12       or 1.4959e+20
(24)^20          or 4.0200e+27

except, of course, the alphabetic strings aren't likely to be purely 
random but rather dictionary words, which would reduce the complexity 
spread.

Richard's complexity is (24+24+10)^8, or 1.2806e+14 which is not that 
much worse than the low end. We all know that he'll just add '1' to his 
existing password :)



except, of course, the alphabetic strings aren't going to be purely 
random but rather dictionary words, which would reduce the complexity 
spread.
-- 
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel



(Log in to post comments)


Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds