50 characters ? (was RE: Man jailed over computer password refusal
James Firth
james2 at jfirth.net
Fri Oct 15 15:56:55 BST 2010
> Not really relevant but I think I could remember a 40-50
> character password if it was derivable from a poem or a song or
> similar, or if it was mostly dictionary words.
On the crypto angle NIST recons the entropy in English language passphrases
is so low that one needs over 50 characters to achieve 80-bit equivalent key
strength.
http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf
Of course the entropy significantly increases if one uses random
capitalisation and illogical placing of alphanumerical characters, which
then somewhat obviously can make the passphrase less memorable.
James Firth
More information about the ukcrypto
mailing list