Passwords: does size matter, what characters?
Drew Van Zandt
drew.vanzandt at gmail.com
Fri Mar 10 11:15:01 EST 2006
If I were brute-forcing, I'd use a prehashed dictionary plus these
substitutions:
1 for i
0 for o
@ and 4 for a
I feel that something like gpw generates passwords that I can remember
and that are pretty unlikely to be hit by a dictionary attack... and
yet they don't pass the "strong password" bull* with the "you must
have mixed case, a number, and punctiation."
I submit that e.g. orisatrone (gpw password I retired 3 years back) is
a better password that Passw0rd! - but it's easier for me to remember.
I haven't used it in 3 years and I still remember it.
--DTVZ
More information about the gnhlug-discuss
mailing list