List: gnupg-users
Subject: Re: A better way to think about passwords
From: "Devin Fisher" <lists () meumonus ! com>
Date: 2011-04-21 12:56:43
Message-ID: 318748732-1303390604-cardhu_decombobulator_blackberry.rim.net-314105823- () bda2310 ! bisx ! prod ! on ! blackberry
If you leave it up to a user, they'll choose nothing, or the last four of the social. There should be criteria, but not public criteria.
------Original Message------
From: Nicholas Cole
Sender: gnupg-users-bounces@gnupg.org
To: gnupg-users@gnupg.org
Subject: Re: A better way to think about passwords
Sent: Apr 21, 2011 4:09 AM
Isn't the real problem that *any* policy (suggested or enforced)
reduces the complexity of guessing a password? The moment you start
saying "pick three words separated by a space or dash" or "pick eight
random letters" or the like you make it easier to attack a password.
My employer insists on passwords that meet a defined and public set of
criteria. I'm sure that in theory that actually makes them easier to
crack, since many millions of possibilities can be discounted.
In short: don't force a particular strategy on your users. Much
better to explain to users the general problem, and then leave it up
to them to pick a password.
Nicholas
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
-Devin