rjoc04679
Garrett Wollman
wollman@bimajority.org
Thu Mar 31 09:39:37 EDT 2011
<<On Thu, 31 Mar 2011 07:30:23 -0400, "Dale H. Cook" <radiotest@plymouthcolony.net> said:
> It would, however, be stronger if it contained no words that were
> vulnerable to a dictionary attack. "NSzYAYh-40%PYICi&2" is much
> stronger, as it contains no dictionary words and incorporates three
> non-alpha-numeric characters (-, % and &) instead of one (-) repeated
> three times.
Not really. Both of you guys need to hear Bill Cheswick's rant about
"eye of newt" password-construction rules. He recommends taking three
random (and having them be random is *important*) words from a
4,096-entry dictionary and combining them in some memorable way; that
gives you 3*12=36 bits of password entropy, which is sufficiently
strong for most purposes while still within the capacity of our poor
monkey brains to memorize. You and I may have no problem memorizing
"StEb+B4489AZb" but normal people do!
-GAWollman
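The arithmetic in the message above (three independent random picks from a 4,096-entry list, 12 bits each), as an added example that is not part of the original post. The word list is a constructed stand-in for a real dictionary, and the function names are hypothetical.

```python
import math
import secrets
from itertools import product

# Constructed stand-in for a real 4,096-entry dictionary (assumption, not
# from the post): every consonant-vowel-consonant-vowel string over
# 16 consonants and 4 vowels, i.e. 16 * 4 * 16 * 4 = 4096 entries.
CONSONANTS = "bdfghjklmnprstvz"
VOWELS = "aeio"
WORDLIST = ["".join(p) for p in product(CONSONANTS, VOWELS, CONSONANTS, VOWELS)]


def entropy_bits(list_size, n_words):
    """Entropy of n_words independent, uniform draws from list_size entries."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


def make_passphrase(wordlist=WORDLIST, n_words=3, sep="-"):
    """Return (passphrase, entropy in bits).

    The entropy figure holds only because each word comes from a CSPRNG
    (secrets), uniformly and independently. Words picked by a person, or
    re-rolled until the phrase "looks nice", do not earn the full count.
    The fixed separator is public and contributes nothing.
    """
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate entries lower the real entropy")
    words = [wordlist[secrets.randbelow(len(wordlist))] for _ in range(n_words)]
    return sep.join(words), entropy_bits(len(wordlist), n_words)


if __name__ == "__main__":
    phrase, bits = make_passphrase()
    print(f"{phrase}  ({bits:.0f} bits from {len(WORDLIST)} entries)")
    print("words needed for 64 bits:", words_needed(len(WORDLIST), 64))
```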