Jump to content

How long should passwords be?


Obliviator
 Share

How long should passwords be?  

62 members have voted

  1. 1. How long should passwords be?

    • <6
      2
    • 6
      6
    • 7
      0
    • 8
      12
    • 9
      6
    • 10
      6
    • 11
      1
    • 12
      4
    • 13
      3
    • 14
      1
    • 14+
      4
    • Passphrases
      11


Recommended Posts

12 would suffice for now, unless computer speed were to increase exponentially. For those who want to do the math, say that you were to use an alphanumerical passwords with casing, symbols, and ALT+characters. Alphanumerical passwords with cases alone allows 62 different combos. Add that to about 10 symbols and ALT+characters and thats 82 different combos. Since the password length is 12, calculate 82^12, which is about 100,000,000,000,000,000,000,000 different combos. If a cracker managed to take over 10,000 super computers, each capable of trying a billion passwords per/s, it would still take about 100,000 days to crack. But say that halfway between all those possibilities lies your password; that would result in your password being cracked in 50,000 days, or about only 150 years.

Link to comment
Share on other sites


I'm of the opinion the encryption algorithms should be lenghty, slow and ineficient with zero possibilities of optimization. That way increasing the bit size of the password hashes would suffice.

Newayz, with reference to the windows, anything above 8 characters (of course the more the merrier) is good. Take a look here http://www.securityhorizon.com/security_wh...ved/lanman.html

Link to comment
Share on other sites

A good tip I picked up, is to use a sentence if you want a lengthy password. Using the first letter as your code.

Sentence = My Dog Is Lazy And Sleeps From 9 Until 12 Each Day

Password = MDISLASF9U12ED

Sentence = The Bhoys Humped Rangers 1 Goal To Nil On The 9 1 05

Password = TBHR1GTNT9105

You can vary it however you like adding caps and longer sentence but it is pretty handy and easy to remember.

Also remember to change it ever so often !

Hail Hail

Link to comment
Share on other sites

hmm..for a good password..atleast 8 characters with a mix of upper and lower casing. Also put in some numbers. Preferably the password should be something not found in a dictionary eg (VMFe48Jk). Also it should be something that cannot be easily associated with the person..for eg the birthdate. oh and most important..dont write it down!

Link to comment
Share on other sites

Windows doesn't use LM hash for passwords >15 characters.

It's better to have passphrases, with a symbol or high-ascii (ex: alt-255) combination thrown in to really throw off hackers.

Here are some excellent references on good passwords:

Link to comment
Share on other sites

supercalafradgalistickexpealadocious

Nuff said :)

Nuff said. False sense of security.

With Rainbow tables, that password is broken to its knees in less than 10 seconds... :whistle:

Such RT tables *do* exist. Ever heard of Distributed computing? :whistle:

Link to comment
Share on other sites

To explain Rainbow Tables a bit (withouth violating forum rules)...

Rainbow Tables is a method where instead of trying different character combinations to try to "guess" an encoded password, it has a LARGE quantity of already encoded character combinations (Rainbow Tables) in which it is only a matter of seconds to compare an encoded password versus the encodings of hundred of different password combinations.

The method was developed by Dr Philippe Oechslin of The Swiss Federal Institute of Technology in Lausanne. He developed what is currently known as Faster Cryptanalytic Time-Memory Trade-Off, in which large combinations of characters are encoded (using the current Windows pw encoding method) then saved for later reference. One thing to note is that Rainbow Tables are large (300Mb+) and are very time & cpu intensive to generate. Only people with sufficient cpu-power have been able to generate RT tables large enough (>45 characters) to crack almost 90% of previously thought as "secure" passwords in use today.

This is public, legal information currently discussed in popular computing and IT magazines worldwide. Since the development of this method, IT engineering communities have already begun the development of stronger encrypting technologies to subvert and try to get ahead of this and future methods that could render current "safe" encrypting technologies useless or even, obsolete.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.


×
×
  • Create New...