A very good friend of mine recently posted a great password complexity vs pass phrase article here. It agrees with something I have said for a very long time; I first read it in a series of security articles (Part 1, Part 2, Part 3) on Microsoft TechNet some years ago, and it changed my mind forever. Here I want to summarize those points with some brief math to demonstrate why I like pass phrases.
If you have an 8 character complex password, there are 8 positions and approximately 90 characters that could fill each of them: 26 letters in the alphabet, lower and upper case = 52; 10 numbers plus their shifted symbols = 20, giving 72 so far; and 18 various other typeable symbols. This gives us the following:
90^8 = 4,304,672,100,000,000 (90 possible characters and 8 positions give that many possible passwords)
Now let's take a pass phrase that is 20 characters long with 57 possible characters (52 letters, the symbols ! . ?, and a space).
57^20 ≈ 131,068,133,085,775,282,769,190,451,412,780,000 (57 possible characters and 20 positions give that many possible pass phrases)
I think that speaks for itself.
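To make the comparison above reproducible, here is an added example (my own code, not from the original post or the TechNet articles) that computes the keyspace and guessing entropy for the two models in the post, an 8-character password over the full printable ASCII set, and, as a constructed comparison, a phrase of 4 words drawn uniformly from a 7776-word list; the guess rate is an assumed figure for an offline attack, not a measurement.

```python
import math
import string

SECONDS_PER_YEAR = 365 * 24 * 3600


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols, each drawn uniformly from the alphabet."""
    return alphabet_size ** length


def entropy_bits(space: int) -> float:
    """Guessing entropy (in bits) of a uniform choice over `space` candidates."""
    return math.log2(space)


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed rate (assumption: offline guessing at that rate)."""
    return space / guesses_per_second / SECONDS_PER_YEAR


# (alphabet size, length) for each model; the first and third are the post's figures.
MODELS = {
    "8-char complex password (post's 90-symbol alphabet)": (90, 8),
    "8-char password over all printable ASCII": (len(string.ascii_letters + string.digits + string.punctuation), 8),
    "20-char random pass phrase (post's 57-symbol alphabet)": (57, 20),
    # Constructed comparison: each word picked uniformly from a 7776-word list (Diceware-sized).
    "4 random words from a 7776-word list": (7776, 4),
}


def compare(models=MODELS, guesses_per_second=1e10):
    """Return one row per model with its keyspace, entropy in bits and years to exhaust at the given rate."""
    rows = []
    for name, (alphabet, length) in models.items():
        space = keyspace(alphabet, length)
        rows.append({
            "model": name,
            "keyspace": space,
            "bits": round(entropy_bits(space), 1),
            "years_at_rate": years_to_exhaust(space, guesses_per_second),
        })
    return rows


if __name__ == "__main__":
    for r in compare():
        print(f"{r['model']}: {r['keyspace']:.3e} candidates, {r['bits']} bits, {r['years_at_rate']:.3g} years")
```

The word-list row is the practitioner's caveat: 57^20 assumes every character of the phrase is chosen at random, while a phrase assembled from a few dictionary words has a keyspace closer to the 8-character password's, so the length alone is not what buys the security.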
Filed under: Computing