Great Password Complexity vs. Pass Phrase Post

A very good friend of mine recently posted a great article on password complexity vs. pass phrases here. It agrees with something I have said for a very long time. I first read it in a series of security articles (Part 1, Part 2, Part 3) some years ago on Microsoft TechNet that changed my mind forever. Here I want to summarize those points with some brief math to demonstrate why I like pass phrases.

If you have a complex 8-character password, there are 8 positions in the password and approximately 90 characters that could be used in any of them: 26 letters of the alphabet in lower and upper case = 52; 10 numbers plus their symbols = 20, and 20 + 52 = 72; plus 18 various other type-able symbols. This gives us the following:

90^8=4,304,672,100,000,000 (90 possible characters and 8 spaces gives that many possible passwords)

Now let's take a pass phrase that is 20 characters long and has 57 possible characters (52 letters !.?, and a space)

57^20=131,068,133,085,775,282,769,190,451,412,780,000 (57 possible characters and 20 spaces gives that many possible passwords)

I think that speaks for itself.
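The same comparison as a short Python sketch (an added example, not part of the original post), which also reports bits of entropy, the shortest 57-character phrase that matches 90^8, and the time to exhaust each space. The guess rate and the word-list model (4 words drawn at random from a 7,776-word list) are assumptions introduced here, the latter to show the count when a phrase is built from whole words rather than independent characters.

```python
import math

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of exactly `length` symbols."""
    return alphabet_size ** length

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy when every symbol is chosen uniformly at random."""
    return length * math.log2(alphabet_size)

def min_length_to_match(alphabet_size: int, target: int) -> int:
    """Smallest length whose keyspace over `alphabet_size` reaches `target`."""
    length = 0
    while keyspace(alphabet_size, length) < target:
        length += 1
    return length

def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Years needed to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / (365.25 * 24 * 3600)

# Figures from the post.
COMPLEX_8 = keyspace(90, 8)    # 8 characters, 90 possible symbols each
PHRASE_20 = keyspace(57, 20)   # 20 characters, 57 possible symbols each

# Assumption (not from the post): a phrase of 4 words picked at random
# from a 7,776-word list, counted per word instead of per character.
WORDS_4 = keyspace(7776, 4)

# Assumption (not from the post): 10 billion guesses per second.
GUESS_RATE = 1e10

if __name__ == "__main__":
    rows = [
        ("8 chars, 90 symbols", 90, 8),
        ("20 chars, 57 symbols", 57, 20),
        ("4 words, 7,776-word list", 7776, 4),
    ]
    for label, size, length in rows:
        space = keyspace(size, length)
        print(f"{label:26} {space:.3e} candidates, "
              f"{entropy_bits(size, length):6.1f} bits, "
              f"{years_to_exhaust(space, GUESS_RATE):.3e} years")
    print("57-symbol length matching 90^8:",
          min_length_to_match(57, COMPLEX_8))
    print("7,776-list words matching 90^8:",
          min_length_to_match(7776, COMPLEX_8))
```

The per-character figure holds only if each character is independent of the others; for phrases made of dictionary words, the per-word count is the one to size against.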
