Re: Preseeded setting on openssh-server ignored
On 6/17/2014 7:41 PM, Celejar wrote:
> On Sat, 14 Jun 2014 22:32:16 -0400
> Jerry Stuckle <jstuckle@attglobal.net> wrote:
>
>> On 6/14/2014 2:06 PM, Patrick Chkoreff wrote:
>
> ...
>
>>> Here's a way to generate a *truly* random password that is *also* memorable:
>>>
>>> http://diceware.com
>>>
>>> Instead of using your computer to generate allegedly random bits, you
>>> use five six-sided dice to generate truly random bits.
>>>
>>>
>>> -- Patrick
>>>
>>>
>>
>> Not good at all. With 5 dice, you have 6^5 or 7,776 possible
>> combinations. Just figuring 5 upper and lower case characters and
>> numbers, you have 62^5 or 916,132,832 (more if you add special
>> characters). Even a 3 alphanumeric (upper and lower) case character
>> password has 238,328 possible combinations.
>>
>> I wouldn't even consider this a weak password. It's much worse than
>> that. The fact you can have combinations of words doesn't add that much
>> security, especially if someone thinks you're using the diceware list.
>
> I think there's a miscommunication here; the diceware instructions are
> to use five dice *per word*, and recommend either five or six words as
> a minimum:
>
> http://world.std.com/~reinhold/diceware.html
> http://world.std.com/~reinhold/dicewarefaq.html#howlong
>
> Celejar
>
>
Yes, I understand. But a roll of five dice is less secure than a three
character alphanumeric (upper and lower case) password (7,776 vs.
238,328 combinations). A 6 word password would have approximately the
same security as a 13 character alphanumeric password.
But then you have to type 30-40 characters or so to enter the diceware
password; very few (if any) sites will accept a password that long. The
longest I know of is around 20 characters (my bank).
That severely limits the number of combinations you can get with dice.
Jerry
Reply to: