50 characters ? (was RE: Man jailed over computer password refusal

James Firth james2 at jfirth.net
Fri Oct 15 15:56:55 BST 2010

> Not really relevant but I think I could remember a 40-50
> character password if it was derivable from a poem or a song or
> similar, or if it was mostly dictionary words.

On the crypto angle NIST recons the entropy in English language passphrases
is so low that one needs over 50 characters to achieve 80-bit equivalent key


Of course the entropy significantly increases if one uses random
capitalisation and illogical placing of alphanumerical characters, which
then somewhat obviously can make the passphrase less memorable.

James Firth

More information about the ukcrypto mailing list