Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
Re: [opensuse-factory] Tumbleweed full disk encryption passphrase
On 2018-05-24 14:25, Anton Aylward wrote:
On 24/05/18 05:09 AM, Johannes Meixner wrote:

I think for companies/organizations it seems not to matter
to make things actually more secure. It seems what matters
more is that companies/organizations can feel safe because
they had enforced the right (well known/old) rules and then
when things go wrong they can claim it is not their fault.

See also:
A pair of studies done in 2011 and 2012 on password length and construction
showed two things: first, customer frustration increases significantly with
complexity, but less so with length. Second, a number of password cracking
algorithms can be more easily thwarted by a long password that is created
without number, symbol, or case requirements than are shorter passwords that
required to be complex, particularly for a large number of guesses. That is,
shorter, more complex password restrictions beget passwords that can be more
frustrating to everyone except the only entity who shouldn’t have it: the
password cracker.

In practical terms, because of the buffer sizes and hashes, a length limit of
512 characters should be considered adequate for most purposes.

I would, however, point out that Leo Marks mentions in his book "between Silk
and Cyanide" that picking a phrase from a poem or nursery rhyme (or movie or
novel) may defeat traditional computational and combinatorial methods, it
defeat a human versed in your culture. In modern terms that means a high
AI with access to the Net, YouTube, Guttenberg and more can draw on sources
resources. Eventually there will be AIs that run an emulation of you....
But for now, length beats complexity.

Like scanning facebook and others :-p

The real pisassnts are the 4 digit PIN codes ...

I know banks that use that.

Cheers / Saludos,

Carlos E. R.
(from 42.3 x86_64 "Malachite" at Telcontar)

< Previous Next >