[wp-hackers] Admin Login Brute Force Attacks
Ian Dunn
ian at iandunn.name
Wed Mar 20 23:00:53 UTC 2013
I used to really like passphrases, but I don't think they're as strong
today as they used to be. The XKCD example, for instance, only has 44
bits of entropy, which is pretty weak by today's standards.

I decided to make the switch* to letting my password manager generate
things like 8=%^MzUV+J.giQv)>$GbH{-w3"xhP6[YW#at?&jD, which have ~240
bits. They're much stronger than passphrases, and more convenient too.

I do like passphrases for the master password on the password manager,
though. And they're also great for users who can't/won't use a password
manager.

* I wrote about it at
http://iandunn.name/what-really-makes-a-password-strong/, and included
lots of links to source materials, if anyone is interested.

On 03/20/2013 03:45 PM, John Blackbourn wrote:
> On 20 March 2013 22:30, Doug Stewart <zamoose at gmail.com> wrote:
>> Correct horse battery staple.
> In case anyone thinks Doug has gone bonkers, this is a reference to
> this XKCD thread which quite neatly explains entropy in passwords:
> http://xkcd.com/936/. Basically, length is the all-important factor in
> password strength.