[oss] Analysis of XKCD's "Password Strength" comic
Lucian Mogosanu
lucian.mogosanu at cs.pub.ro
Tue Dec 16 10:17:28 EET 2014
Hi,
The guys on the security Stack Exchange site have started a discussion [1] on
XKCD's "Password Strength" comic [2]. One of the answers [3] in particular
provides a more detailed analysis of the choices and underlying assumptions
made by the author to show that the passphrase approach is actually more
efficient in terms of security *and* ease of remembering.
The bottom line is that good passwords are both hard to guess and easy to
remember. I would add that good passwords are necessarily random (e.g. natural
language should be avoided) and come from a high-entropy pool (e.g. a
dictionary has a much higher entropy than the set of printable characters).
[1]: http://security.stackexchange.com/questions/6095/xkcd-936-short-complex-password-or-long-dictionary-passphrase
[2]: http://xkcd.com/936/
[3]: http://security.stackexchange.com/a/6096
Lucian
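The pool-size comparison made in the message above, as an added example that is not part of the original post: it draws secrets uniformly with a CSPRNG and reports how many symbols each pool needs to reach the same number of bits. The function names are hypothetical and the 2048-entry word list is a constructed stand-in for a real dictionary; the bit counts hold only when every symbol is chosen uniformly at random.

```python
import math
import secrets
import string

def effective_pool(symbols):
    """Drop duplicates: a repeated entry skews selection and adds no entropy."""
    return sorted(set(symbols))

def entropy_bits(pool_size, length):
    """Entropy of `length` independent, uniform draws from `pool_size` symbols."""
    if pool_size < 2 or length < 1:
        return 0.0
    return length * math.log2(pool_size)

def symbols_needed(pool_size, target_bits):
    """Smallest number of uniform draws that reaches `target_bits`."""
    if pool_size < 2:
        raise ValueError("a pool of fewer than two symbols carries no entropy")
    return math.ceil(target_bits / math.log2(pool_size))

def generate(symbols, length, sep=""):
    """Pick symbols with the OS CSPRNG; return (secret, entropy in bits)."""
    pool = effective_pool(symbols)
    picks = [secrets.choice(pool) for _ in range(length)]
    return sep.join(picks), entropy_bits(len(pool), length)

# Constructed stand-in for a 2048-word dictionary: 64 syllables x 32 syllables.
_SYL = [c + v for c in "bdfghjklmnprstvz" for v in "aeio"]
WORDS = [a + b for a in _SYL for b in _SYL[:32]]
# 94 printable, non-whitespace ASCII characters.
CHARS = list(string.ascii_letters + string.digits + string.punctuation)

if __name__ == "__main__":
    phrase, phrase_bits = generate(WORDS, 4, sep="-")
    print(f"{phrase}: {phrase_bits:.1f} bits from 4 words")
    n = symbols_needed(len(CHARS), phrase_bits)
    password, password_bits = generate(CHARS, n)
    print(f"{password}: {password_bits:.1f} bits from {n} characters")
```

Each word from the 2048-entry pool contributes 11 bits against roughly 6.55 bits per printable character, so four random words match seven random characters.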