On Vi, 31 ian 14, 17:19:08, Scott Ferguson wrote: > > It's not only common (in some industry sectors 12 *random* characters > regularly changed and never repeated is mandated), it's good security. > Despite what some will advise entropy is the measure of exhaustion - > resulting from *brute* force attacks. 50% of the time a brute force will > only require half the entropy to succeed. Due to human bias (failure to > use random passwords and *password* *managers*) the majority of the time > passwords that exceed 8 characters will be composed solely of words, and > brute force difficulty != dictionary attack difficulty (see Niquist and > Shannon). A significant percentage of the time those word based > passwords will be a phrase... with even lower attack difficulty. And the obligatory XKCD: https://xkcd.com/936/ Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebianUser Offtopic discussions among Debian users and developers: http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic http://nuvreauspam.ro/gpg-transition.txt
Attachment:
signature.asc
Description: Digital signature