[OpenID] OpenID and SSO
Anders Feder
lists.anders at feder.dk
Sat Jun 28 01:36:42 UTC 2008
fre, 27 06 2008 kl. 20:20 -0500, skrev Eric Norman:
>
> > Is "asasasasasasasasasasasasasasasasasas" a better password then
> > "6 at h." because there are more keystrokes?
>
> Sure it is -- lots better, but not directly because of the keystrokes.
> Is there some metric that says otherwise?
There is, but a better example is:
Is "polyester" a better password than "6 at h."?
The user has to perform more than twice as many keystroke actions! Yet a
simple dictionary attack will crack the former while the latter must be
brute-forced character-by-character.
--
Anders Feder <lists.anders at feder.dk>
More information about the general
mailing list