> > I saw that in the readme: "Password string has a minimum length of 20
> > characters."
> > Aren't 10 byte passwords enough? I don't like having to learn 20 byte
> > passwords =(
>
> No, 10 byte passwords are NOT enough. Given that they are
> printable ASCII characters and subject to a variety of other entropy
> reducing issues, a password "byte" is probably only worth about 6
> bits of entropy, maybe (probably) less. That gives you only about
> 60 bits of strength against brute force. Not enough...
>
> Rule of thumb... (although all "rules of thumb" are bad since
> they lead to guessable patterns.) Pass WORD is bad. Pass PHRASE is
> better. Make it several words with number substitutions and odd
> punctuation. Make at LEAST one word misspelled, especially if the
> misspelling is one of the numbers. (Example: Wizard -> W122@xx!).
> The sillier (or obnoxious, or obscene) the better (easier to remember,
> harder to guess). Basic mnemonics. You won't forget and
> 1t_wi11-b3=@xxxxxxx)H! t0 gu3ss..! (it will be a bitch to guess) :-)

Well, I'm usually using passwords like "4wj8s06bj2" or "7e1t91436g", not any
English or whatever words!! So if I would have to learn a 20 byte password
in that format it would be like "v1872cqad730lbsq53i8" or
"0v7g25y0mp49n26yrntb", and learning that isn't easy, is it? ;)

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
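
The arithmetic behind the per-character estimate discussed above, as an added example that is not part of the original thread: it infers the alphabet a password draws on, computes brute-force strength as length times log2(alphabet size), and finds the length needed for a chosen target. The function names and target values are assumptions, and the figure is an upper bound that only holds when every character is picked uniformly at random.

```python
import math
import string

# Character classes used to infer the alphabet a password was drawn from.
# Together they cover the 95 printable ASCII characters.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
)

def alphabet_size(password):
    """Sum the sizes of every class the password touches.
    Characters outside printable ASCII are ignored."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if size == 0:
        raise ValueError("empty password or no printable ASCII characters")
    return size

def brute_force_bits(password):
    """Upper bound on strength: assumes uniformly random characters.
    Words, patterns and substitutions score lower in practice."""
    return len(password) * math.log2(alphabet_size(password))

def min_length(target_bits, size):
    """Shortest random password over `size` symbols reaching target_bits."""
    return math.ceil(target_bits / math.log2(size))

# The four passwords quoted in the thread (lowercase letters and digits).
SAMPLES = ["4wj8s06bj2", "7e1t91436g",
           "v1872cqad730lbsq53i8", "0v7g25y0mp49n26yrntb"]

if __name__ == "__main__":
    for pw in SAMPLES:
        n = alphabet_size(pw)
        print(f"{pw:22} alphabet={n:3} "
              f"bits/char={math.log2(n):.2f} total={brute_force_bits(pw):.1f}")
    # Targets are assumptions: 60 bits is the figure the reply calls
    # "not enough"; 120 bits is 20 characters at 6 bits each.
    for target in (60, 120):
        print(f"{target} bits needs {min_length(target, 36)} chars of [a-z0-9], "
              f"{min_length(target, 95)} chars of full printable ASCII")
```
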