Private data protection.

Andy Green andy at openmoko.com
Sat May 31 17:32:58 CEST 2008



Somebody in the thread at some point said:
| On Sat, May 31, 2008 at 2:04 AM, Vinc Duran <uberpfloyd at gmail.com> wrote:
|> You could make it longer too. I mean you could require receiving multiple
|> sms's. It could be a very long key.
|>
|
| Why bother?
| Even using only alphanumeric characters (I've counted 62 characters)
| there are more than 10^216 possible keys [1]. That means that somebody

I read a provocative estimate a year or so ago that each extra
character of a password adds only on average 1.5 bits of entropy to it.
Considering how most passwords are formed from dictionary words, albeit
slightly modified or appended, it sounds about right.

And that's ignoring the passwords that are some variation of 1234,
"password", or are to be found underneath the keyboard[1], etc.

-Andy

[1] The case in Zaavi shop in Oxford Street, London I was amused to
discover recently.  And the Three shop in Kettering actually had their
login credentials laminated and pinned to the wall for all to read --
how many bits of entropy is that despite the huge "password space" that
could exist?
