It depends on the amount of entropy. In laymens terms, the amount of randomness. For example, I use random passwords, all lowercase letters and numbers. This gives 36 possibilities per character, which gives slightly ore than 5 bit of entropy per character. On the other hand, written english has only something like 2 bit of entropy per character. Knowing that your password has n bits of entropy means that an attacker has to spend (at least) 2^n tries to guess right, and more in practice. So if the 20 chars are just ordinary english this would be 40 bits and not long enough. If it is random characters+digite, it is about 100 bits, which is enough by far. Arno On Sat, Jul 18, 2009 at 05:14:28PM +0200, ingo.schmitt@xxxxxxxxxxxxxxxxx wrote: > Hi, > > I know, the longer password the better... > But I wanna ask you, which password length is good and which is too bad. > > My pw is more than 20 chars long - are i'm paranoid? > > thx > catfish > > > On Sat, July 18, 2009 06:17, Arno Wagner wrote: > On Fri, Jul 17, 2009 at 08:34:11AM -0400, Eric Grejda wrote: > > Arno Wagner wrote: > > > No to nitpick, but my approach would be to not boot the computer > > > at all, but remove the drive and copy it (e.g. attached by USB) > > > on a different machine. > > > > Then they start attacking the keys of their copy. Fair enough; can't do > > anything about that but try to use the strongest keys possible. If they > > pull it off, I'd love to hear how they did it, assuming that I'm still > > around. > > Actually they start attacking you and if you destroy the original, > they just hurt you a bit more and restore from that backup. > > Brute-forcing something like LUKS is currently only feasible > for very weak passphrases. > > Arno > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: > arno@xxxxxxxxxxx > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 > 338F > ---- > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > > > > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
