• search blarney

   

• recent posts

  • Published again
  • About Penny
  • The bane of every washing machine
  • Published
  • Email win
  • Email: so far so good
  • Managing email
  • Wattvision setup
  • Joseph's vs. Taylor's Biscuits
  • Letter to Senator Orrin Hatch on the Finance Reform Bill
  • Happy things
  • The Why of Education
  • Why we have skeptics
  • Flu shots aren't good science
  • Krugman was partly right

• browse by category

  • • Published again
    • About Penny
    • The bane of every washing machine
    • Published
    • Email win
    • (more...)
  • art
    • Wed Sep 2 13:24:08 MDT 2009
    • Politics and the English Language
    • Pizzeria Seven Twelve revisited
    • Why my scooter is a Genuine
    • There really is no secret
    • (more...)
  • comics
    • Wed Sep 2 13:24:08 MDT 2009
    • Shameless
    • Clouds-schmouds
    • She said 'melancholy' as if it were a bad thing...
    • Swinging a cat
    • (more...)
  • economics
    • Email win
    • Email: so far so good
    • Managing email
    • Letter to Senator Orrin Hatch on the Finance Reform Bill
    • Krugman was partly right
    • (more...)
  • education
    • The Why of Education
  • energy
    • Wattvision setup
    • No Such Thing as Nuclear Waste
    • Consider the atom (please)
  • faith
    • Science as religion
    • An expected end
    • On faith
    • Writing and religion
    • On marriage
    • (more...)
  • family
    • About Penny
    • The bane of every washing machine
    • Hiking Timp with Brooke
    • Cabin Tripp
    • Bear holding a shark
    • (more...)
  • food & dining
    • Joseph's vs. Taylor's Biscuits
    • Pizzeria Seven Twelve revisited
    • and cultural
    • Nuggets o' wisdom for Mouseketeers
    • Biaggi's Ristorante Italiano
    • (more...)
  • friday
    • Foto Friday: pull up a chair!
    • Foto Friday: Mongolian Stir Fry
    • Foto Friday: wasp
    • Foto Friday: elevator fire
    • Foto Friday
    • (more...)
  • friends
    • Hiking Timp with Brooke
    • Shameless
    • Wherein I give thanks to Walmart and a fire fighter
    • Memory Lapse 2009
    • Richard Barnes Swims English Channel
    • (more...)
  • funny
    • Wed Sep 2 13:24:08 MDT 2009
    • and cultural
    • Shameless
    • Bear holding a shark
    • This title is self-referential
    • (more...)
  • government
    • Letter to Senator Orrin Hatch on the Finance Reform Bill
    • Flu shots aren't good science
    • Krugman was partly right
    • It can wait. It really can.
    • Told ya: OLPC doesn't work
    • (more...)
  • learning
    • The bane of every washing machine
    • Email win
    • Email: so far so good
    • Managing email
    • The Why of Education
    • (more...)
  • media
    • Told ya: OLPC doesn't work
    • Politics and the English Language
    • Best. Alphabet song. Evar.
    • Too much connectivity is a bad thing
    • Correlation: unhappy people and TV
    • (more...)
  • movies
    • About Penny
    • Hiking Timp with Brooke
    • Memory Lapse 2009
    • Ratatouille: Because I'm a cook
    • In which we take a big drink
    • (more...)
  • nature
    • Hiking Timp with Brooke
    • Cabin Tripp
    • Science as religion
    • Photo Sunday: ants on a log
    • Sunday afternoon
    • (more...)
  • personal
    • About Penny
    • The bane of every washing machine
    • Happy things
    • Hiking Timp with Brooke
    • Why my scooter is a Genuine
    • (more...)
  • photo
    • About Penny
    • Joseph's vs. Taylor's Biscuits
    • Hiking Timp with Brooke
    • and cultural
    • Cabin Tripp
    • (more...)
  • politics
    • Why we have skeptics
    • Krugman was partly right
    • It can wait. It really can.
    • Told ya: OLPC doesn't work
    • Politics and the English Language
    • (more...)
  • quotes
    • There really is no secret
    • On people who make great things
    • The Work of a Critic
  • ranting
    • Flu shots aren't good science
    • Krugman was partly right
    • It can wait. It really can.
    • Told ya: OLPC doesn't work
    • Too insulated from risk to fail
    • (more...)
  • science
    • Why we have skeptics
    • Flu shots aren't good science
    • Told ya: OLPC doesn't work
    • The perils of conformity
    • Maybe economics is bunk
    • (more...)
  • security
    • This won't bother you...
    • Who do you think you are?
    • Do NOT discard brain
    • Airport security is a sham
    • Whom do you trust?
    • (more...)
  • smarts
    • Email win
    • Email: so far so good
    • Managing email
    • Why we have skeptics
    • Flu shots aren't good science
    • (more...)
  • society
    • The Why of Education
    • Flu shots aren't good science
    • Krugman was partly right
    • It can wait. It really can.
    • Told ya: OLPC doesn't work
    • (more...)
  • stories
    • Why my scooter is a Genuine
    • Wherein I give thanks to Walmart and a fire fighter
    • Drowned
    • Miscellanea
    • Of corn dogs and microwave ovens
    • (more...)
  • tech
    • Published again
    • Published
    • Email win
    • Email: so far so good
    • Wattvision setup
    • (more...)
  • verse
    • Reflections on a piece of pumpkin pecan pie
    • Mountain path in late summer
    • Out of the embers
    • Zen and the art of hot cocoa
    • Dark currents
    • (more...)
  • wisdom
    • Email win
    • Email: so far so good
    • Happy things
    • Krugman was partly right
    • It can wait. It really can.
    • (more...)
  • words
    • The Why of Education
    • Politics and the English Language
    • and cultural
    • Why my scooter is a Genuine
    • Word of the day: coip
    • (more...)
  • work
    • Published again
    • Published
    • Email win
    • Managing email
    • Letter to Senator Orrin Hatch on the Finance Reform Bill
    • (more...)
  • writing
    • Published again
    • Published

• browse by date

  • Dec 2011
    • Published again
  • Oct 2011
    • About Penny
    • The bane of every washing machine
  • Sep 2011
    • Published
    • Email win
    • Email: so far so good
    • Managing email
  • Mar 2011
    • Wattvision setup
  • Feb 2011
    • Joseph's vs. Taylor's Biscuits
  • May 2010
    • Letter to Senator Orrin Hatch on the Finance Reform Bill
  • Apr 2010
    • Happy things
  • Feb 2010
    • The Why of Education
  • Nov 2009
    • Why we have skeptics
  • Oct 2009
    • Flu shots aren't good science
    • Krugman was partly right
    • It can wait. It really can.
  • Sep 2009
    • Told ya: OLPC doesn't work
    • Hiking Timp with Brooke
    • Wed Sep 2 13:24:08 MDT 2009
  • Aug 2009
    • Politics and the English Language
    • Too insulated from risk to fail
    • Pizzeria Seven Twelve revisited
    • and cultural
  • Jul 2009
    • The perils of conformity
    • Why my scooter is a Genuine
    • Maybe economics is bunk
    • Goodbye QuickSilvεr, Hello Google Quick Search + Proxi + Growl!
    • Cabin Tripp
    • (more...)
  • Jun 2009
    • Climate change followup
    • Science as religion
    • Photo Sunday: ants on a log
    • No Such Thing as Nuclear Waste
    • Shameless
    • (more...)
  • May 2009
    • How to spend money
    • 25 and over
    • Wherein I give thanks to Walmart and a fire fighter
    • On people who make great things
    • Nuggets o' wisdom for Mouseketeers
    • (more...)
  • Apr 2009
    • Best. Alphabet song. Evar.
    • Biaggi's Ristorante Italiano
    • Clouds-schmouds
  • Mar 2009
    • On having one's performance managed
    • You haven't heard enough about the AIG bailout
    • Hauser's Law: raising taxes doesn't help
    • FDIC to the rescue
  • Feb 2009
    • Memory Lapse 2009
  • Jan 2009
    • This won't bother you...
    • Who do you think you are?
    • New maintainer for Linux::TaskStats::Read
  • Dec 2008
    • The power of joy
    • Discerning quality
    • Pizzeria Seven Twelve
  • Nov 2008
    • Sunday afternoon
    • savelogs 1.90 released
    • On responsibility
    • Too much connectivity is a bad thing
    • This title is self-referential
    • (more...)
  • Oct 2008
    • On being unaffiliated
    • She said 'melancholy' as if it were a bad thing...
    • Halloween at our house
    • Are you a qualfied individual?
    • Utah voting: how to do a write-in candidate
    • (more...)
  • Sep 2008
    • I will never move again
    • Foto Friday: pull up a chair!
    • Swinging a cat
    • Restaurant: Tango House
    • Foto Friday: Mongolian Stir Fry
    • (more...)
  • Aug 2008
    • Foto Friday
    • Paul Graham on doing what you love
    • Eccentric programmer
    • Business::PayPal::NVP 1.02 released
    • Preston sleeping
    • (more...)
  • Jul 2008
    • New job
    • subtract - delete matching lines from text files
    • New blog - Scott's blarney
    • Mountain path in late summer
    • OS X: unmounting error 49153
    • (more...)
  • Jun 2008
    • Never saying goodbye
    • Fishing trip to Alaska
    • Farewell, Bluehost! I barely knew ye...
    • Dishonesty
    • Learning to be brave
    • (more...)
  • May 2008
    • On being labeled
    • New knowledge
    • Advice to a young woman
    • What I'm thinking
    • In which we survive a night camping without sleeping bags
    • (more...)
  • Apr 2008
    • Dark currents
    • Solicitation
    • Er, (un)thanks!
    • Wholeness
    • You owe me
    • (more...)
  • Mar 2008
    • Prerequisites
    • Writing and religion
    • On learning
    • The nature of intelligence
    • Natural gifts
    • (more...)
  • Feb 2008
    • Labeling and judgement
    • Why I hate personality typing
    • Thank you for that item
  • Jan 2008
    • Jackson Hole Soda Company Buckin' Rootbeer
    • Fond Farewell
    • The Work of a Critic
  • Dec 2007
    • Breakfast
    • Faygo Original Root Beer
    • On the age of passion
  • Oct 2007
    • Making 'find' go faster
    • The House in Frazier Hollow
    • Wendigo
  • Sep 2007
    • Teddy's Root Beer
    • My Root Beer Interview with Mikal Bellicove
  • Jul 2007
    • Hank's Gourmet Philadelphia Recipe Root Beer
  • Jun 2007
    • On marriage
  • May 2007
    • Sioux City Birch Beer
    • Virgil's Root Beer
    • Pictures of Lady Beetle Larvae and Aphids
  • Apr 2007
    • Reed's Raspberry Ginger Brew
    • Americana vs. Sprecher
    • Bundaberg Ginger Beer
    • Reed's Spiced Apple Brew
  • Feb 2007
    • Bulldog Root Beer
  • Nov 2006
    • Tommyknocker Root Beer
  • Oct 2006
    • SOCKS5 Proxy Server on FreeBSD
    • The Ginger People Ginger Beer
  • Sep 2006
    • Moab Brewery Root Beer
    • Americana Root Beer
    • Boylan's Root Beer
    • Boylan's Birch Beer
    • Buderim Ginger Authentic Australian Ginger Brew (Yank Style)
    • (more...)
  • Aug 2006
    • Confessions of a Wasp-Hating Coward
    • Schneier: Last Week's Terrorism Arrests
    • Password Strength: Complexity vs. Length
  • Jul 2006
    • On agency
    • Thomas Greene: Crashing the Wiretapper's Ball
  • May 2006
    • Mothers Day
  • Mar 2006
    • Barrel Brothers Root Beer
  • Jan 2006
    • osx2x - control a remote X server from OS X
  • Oct 2005
    • Briar's Root Beer
    • Jones Root Beer
    • Henry Weinhard's Root Beer
    • Howie's Root Beer
    • IBC Root Beer
    • (more...)
  • Sep 2005
    • Hiking to Pika Cirque on Mount Timpanogos
    • Root Beer Ratings
    • Schneier: Movie-Plot Threats
    • The Six Dumbest Ideas in Computer Security
    • Upgrading Milter-Greylist
    • (more...)
  • Jul 2005
    • Releasing a DHCP lease
  • May 2005
    • xset is good to know
    • Milter-Regex Problems
    • Setting up a Wireless Gateway
    • Brazilian Limeade
  • Mar 2005
    • Missing Devices from FreeBSD 5.2.1 to 5.3
    • Upgrading FreeBSD 5.x to 5.y
    • Remounting procfs
  • Aug 2004
    • Mounting a USB drive
  • Jul 2004
    • Duran-Duran in Concert: 1984
  • Sep 2003
    • Mille Bournes: near perfection

Password Strength: Complexity vs. Length

A few weeks ago, Jason Meserve pointed out an article by columnist Roger Grimes who said that longer passwords are stronger than shorter but more complex passwords. Meserve solicited some feedback:

http://www.networkworld.com/nlvirusbug43268

I took the challenge and responded with this:

"Grimes is right on when he suggests that length is more of a
factor than complexity. Attached is a graph showing how quickly
three password character sets grow in possible combinations
(logarithmic scale). I throw in a dictionary word set to
illustrate another point about memorability.

I (personally) don't find a simple/long password any less
daunting than a complex password, because for both to be
effective the characters have to be somewhat randomly ordered.
Even if we reduce the set of characters to 28 (lowercase alphas
plus space and period), a long random string of those isn't much
better than a slightly shorter but more complex password.

A "simple" password should be memorable, possibly using some
word combinations (e.g. PayPal's password generating system used
to be two dictionary words glued together with a couple of
punctuation or digit characters--it may still be).

When this is the case, the "character set" (each word in the
lexicon effectively becomes a character) is about 50K and has a
solution space that grows much more quickly than single
character password sets.

That is, a password that uses random 5 dictionary words (5-7
characters each) is roughly as strong as a 16 character password
from a randomly generated small (28 char) set. Adding one more
word (6 words) is roughly equivalent to a 19 character (28 char
set) or 14 character (95 char set).

Character for character, however (this is where the graph is
misleading), the dictionary set is far longer (25-35 total
characters) than the 19 random characters from the small set,
but the dictionary set will likely be far more memorable than
random characters, which a good password should be. Throw in an
intentional typo or two with a 4-word passphrase and you've got
yourself a statistically tough one with few wasted brain cycles.

Fwiw, the old PayPal system (2 medium length dictionary words
plus 1 random character) has a solution space roughly that of a
5 character complex password (that is, not very strong).

And this is the graph:

Password Complexity

Here is the original article. My response starts on page 3:

http://www.networkworld.com/nlsecuritynewsal43559

© 2006 Scott Wiersdorf