February 13, 2005


Password Chic?

Apparently passwords are no longer in style. One of our loving friends at Micro$oft posted this blog entry. To summarize, he says “use pass phrases”. Apparently Windoze 2k/XP/2k3 all support 127 character ‘passwords’. So instead of one pseudo-random password that’s only 8-10 characters you should have a 30 character pass phrase, because after about 14 characters it gets very difficult very fast to brute force.

I personally use a 15-25 character password, but I never thought of it as a pass phrase. To complement Robert Hensing’s method (he says to use symbols like anything you would normally see in a sentence), I suggest replacing random letters (even if it is in l337 style) and spaces with numbers or other symbols. So, it may make the pass phrase a tiny bit more difficult to remember, but it makes it a lot more difficult to crack.

All lower case letters = 26

All uppercase letters = 26

Symbols = 32

Numbers = 10

Total = 94 possibilities

(I hope the following math is right) A 20 character password at 94 typeable characters = 2.90106E+39 possibilities. Compare this to your standard 8 character password @ 6.09569E+15 possibilities. Or how about 30 characters? 1.56256E+59 possibilities.
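The arithmetic above can be checked and extended with a short script. This is an added example, not code from the original post: it uses the post's class sizes (26/26/32/10), and the one-extra-symbol treatment of the space, the guess rate of 1e9 per second and the sample secrets are assumptions constructed for illustration. The result is the exhaustive-search upper bound only; a phrase built from dictionary words can fall to wordlist guessing much sooner.

```python
import math
import string

# Class sizes from the post's table. The space is not part of the post's 94
# and is counted here as one extra symbol (assumption).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.punctuation), 32),
    (set(string.digits), 10),
    ({" "}, 1),
]

def charset_size(secret):
    """Pool size an exhaustive search must cover, judged by the classes used.
    Characters outside the listed classes (e.g. non-ASCII) are ignored."""
    used = set(secret)
    return sum(size for chars, size in CLASSES if chars & used)

def keyspace(length, pool=94):
    """Number of candidate strings of exactly this length."""
    return pool ** length

def entropy_bits(length, pool=94):
    """Bits of entropy if every character were chosen uniformly at random."""
    return length * math.log2(pool)

def years_to_exhaust(length, pool=94, guesses_per_second=1e9):
    """Worst-case exhaustive-search time; the guess rate is an assumed figure."""
    return keyspace(length, pool) / guesses_per_second / (365.25 * 24 * 3600)

def report(secret):
    """Summarise one secret using the classes it actually contains."""
    pool, n = charset_size(secret), len(secret)
    return (f"{n:>2} chars, pool {pool:>2}: {keyspace(n, pool):.5E} possibilities, "
            f"{entropy_bits(n, pool):.0f} bits, {years_to_exhaust(n, pool):.2E} years")

if __name__ == "__main__":
    # Constructed sample secrets, not taken from the post.
    for sample in ["Xq7!pL2#", "the quick brown fox jumps over it",
                   "Th3_qu1ck_br0wn_f0x!jumps%0ver"]:
        print(report(sample))
```

A 30 character phrase in lower case only still has a larger exhaustive-search space than an 8 character password drawn from all 94 characters, which is the post's point about length.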