I know I may have my trainspotting hat on (sorry, Francis Bourgeois), but I found this really interesting.
Which of the following two passwords is stronger,
more secure, and more difficult to crack?
D0g.....................
PrXyc.N(n4k77#L!eVdAfp9
You probably know this is a trick question, but the answer is: Despite the fact that the first password is HUGELY easier to use and more memorable, it is also the stronger of the two! In fact, since it is one character longer and contains uppercase, lowercase, a number and special characters, that first password would take an attacker approximately 95 times longer to find by searching than the second impossible-to-remember-or-type password!
ENTROPY: If you are mathematically inclined, or if you have some security knowledge and training, you may be familiar with the idea of the “entropy” or the randomness and unpredictability of data. If so, you'll have noticed that the first, stronger password has much less entropy than the second (weaker) password. Virtually everyone has always believed or been told that passwords derived their strength from having “high entropy”. But as we see now, when the only available attack is guessing, that long-standing common wisdom . . . is . . . not . . . correct!
The only thing an attacker can know is whether a password guess was an exact match . . . or not. The attacker doesn't know how long the password is, nor anything about what it might look like. So after exhausting all of the standard password cracking lists, databases and dictionaries, the attacker has no option other than to either give up and move on to someone else, or start guessing every possible password.
Read about it here: https://www.grc.com/haystack.htm
Password Padding
Moderators: Dragonrider, jay, thecaretaker, inspector
- thecaretaker
- Forum Administrator
- Posts: 7761
- Joined: 15th Jun 2001 at 1:00pm
- Pebble
- Registered Member
- Posts: 73
- Joined: 29th Jan 2022 at 8:32am
Nov 2022
14
18:54
Re: Password Padding
Wow, fascinating read. I thought my passwords were "strong" but apparently not. ![[Shock.png] [Shock.png]](./images/smilies/Shock.png)
![[Shock.png] [Shock.png]](./images/smilies/Shock.png)
- Keyolder
- Registered Member
- Posts: 5562
- Joined: 24th Jan 2009 at 12:28am
Nov 2022
14
23:35
Re: Password Padding
Same here
![[Shock.png] [Shock.png]](./images/smilies/Shock.png)
I don't suffer from insanity, I enjoy every minute of it... ![[Crazy.png] [Crazy.png]](./images/smilies/Crazy.png)
![[Crazy.png] [Crazy.png]](./images/smilies/Crazy.png)
If you don't know where you are going, any road will get you there.