[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Preseeded setting on openssh-server ignored

On Sat, 14 Jun 2014 22:32:16 -0400
Jerry Stuckle <jstuckle@attglobal.net> wrote:

> On 6/14/2014 2:06 PM, Patrick Chkoreff wrote:

...

> > Here's a way to generate a *truly* random password that is *also* memorable:
> > 
> > http://diceware.com
> > 
> > Instead of using your computer to generate allegedly random bits, you
> > use five six-sided dice to generate truly random bits.
> > 
> > 
> > -- Patrick
> > 
> > 
> 
> Not good at all.  With 5 dice, you have 6^5 or 7,776 possible
> combinations.  Just figuring 5 upper and lower case characters and
> numbers, you have 62^5 or 916,132,832 (more if you add special
> characters).  Even a 3 alphanumeric (upper and lower) case character
> password has 238,328 possible combinations.
> 
> I wouldn't even consider this a weak password.  It's much worse than
> that.  The fact you can have combinations of words doesn't add that much
> security, especially if someone thinks you're using the diceware list.

I think there's a miscommunication here; the diceware instructions are
to use five dice *per word*, and recommend either five or six words as
a minimum:

http://world.std.com/~reinhold/diceware.html
http://world.std.com/~reinhold/dicewarefaq.html#howlong

Celejar
Reply to: