On Sat, 2014-02-01 at 11:21 +0200, Andrei POPESCU wrote:
> On Fri, 31 Jan 14, 17:19:08, Scott Ferguson wrote:
> >
> > It's not only common (in some industry sectors 12 *random* characters
> > regularly changed and never repeated is mandated), it's good security.
> > Despite what some will advise, entropy is the measure of exhaustion -
> > resulting from *brute* force attacks. 50% of the time a brute force will
> > only require half the entropy to succeed. Due to human bias (failure to
> > use random passwords and *password* *managers*) the majority of the time
> > passwords that exceed 8 characters will be composed solely of words, and
> > brute force difficulty != dictionary attack difficulty (see Nyquist and
> > Shannon). A significant percentage of the time those word-based
> > passwords will be a phrase... with even lower attack difficulty.
>
> And the obligatory XKCD:
> https://xkcd.com/936/
>
> Kind regards,
> Andrei

Since no one mentioned it on this thread, I better ask:

Isn't it the case that the randomness of the key/password composes the overall quality of the crypto substitutions in such a way that 4096-bit keys would necessarily provide better protection against cryptanalysis when compared to dozens of random, valid characters?

--
André N. Batista
GNUPG/PGP KEY: 6722CF80
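As an added example (not part of the thread or anyone's post in it), a short Python script that puts numbers on the points raised above: the entropy of 12 random printable characters, the "half the space on average" brute-force cost, what a word-list attacker searches when a long password is really a few words, and why a key derived from a password is bounded by the password's entropy rather than the key length. The 128-bit symmetric target and the word-list sizes are assumptions chosen for illustration; note that a 4096-bit asymmetric key is not on the same scale as a symmetric key and is not converted here.

```python
import math
from typing import Tuple

PRINTABLE = 95          # printable ASCII 0x20..0x7E
XKCD_WORDS = 2048       # word-list size implied by xkcd 936 (~11 bits/word)
COMMON_WORDS = 20000    # assumed size of an attacker's English word list
SYMMETRIC_TARGET = 128  # assumed symmetric-equivalent security target (bits)


def random_string_bits(alphabet_size: int, length: int) -> float:
    """Entropy of `length` symbols chosen uniformly from `alphabet_size`."""
    return length * math.log2(alphabet_size)


def passphrase_bits(dictionary_size: int, words: int) -> float:
    """Entropy of `words` words drawn uniformly from a list of `dictionary_size`."""
    return words * math.log2(dictionary_size)


def expected_guesses(bits: float) -> float:
    """Mean guesses before success: half the space (the '50% of the time' point)."""
    return 2 ** (bits - 1)


def dictionary_vs_bruteforce(words: int, letters: int) -> Tuple[float, float]:
    """A lowercase password of `words` words totalling `letters` letters:
    bits a naive brute force must cover vs. bits a word-list attacker covers."""
    return random_string_bits(26, letters), passphrase_bits(COMMON_WORDS, words)


def chars_needed(target_bits: float, alphabet_size: int) -> int:
    """Random characters needed so the password reaches at least `target_bits`."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def effective_bits(key_bits: float, password_bits: float) -> float:
    """A key derived from a password is no stronger than the weaker of the two."""
    return min(key_bits, password_bits)


if __name__ == "__main__":
    b12 = random_string_bits(PRINTABLE, 12)
    print(f"12 random printable chars: {b12:.1f} bits, ~2^{b12 - 1:.0f} guesses on average")
    print(f"4 words from a {XKCD_WORDS}-word list: {passphrase_bits(XKCD_WORDS, 4):.1f} bits")
    bf, dic = dictionary_vs_bruteforce(3, 12)
    print(f"12 letters that are really 3 words: brute force {bf:.1f} bits, word list {dic:.1f} bits")
    print(f"{SYMMETRIC_TARGET}-bit target needs {chars_needed(SYMMETRIC_TARGET, PRINTABLE)} random chars")
    print(f"256-bit key derived from 12 random chars: {effective_bits(256, b12):.1f} bits effective")
```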