[wp-hackers] Admin Login Brute Force Attacks

Ian Dunn ian at iandunn.name
Wed Mar 20 23:00:53 UTC 2013

I used to really like passphrases, but I don't think they're as strong 
today as they used to be. The XKCD example, for instance, only has 44 
bits of entropy, which is pretty weak by today's standards.

I decided to make the switch* to letting my password manager generate 
things like 8=%^MzUV+J.giQv)>$GbH{-w3"xhP6[YW#at?&jD, which have ~240 
bits. They're much stronger than passphrases, and more convenient too.

I do like passphrases for the master password on the password manager, 
though. And they're also great for users who can't/won't use a password 

* I wrote about it at 
http://iandunn.name/what-really-makes-a-password-strong/, and included 
lots of links to source materials, if anyone is interested.

On 03/20/2013 03:45 PM, John Blackbourn wrote:
> On 20 March 2013 22:30, Doug Stewart <zamoose at gmail.com> wrote:
>> Correct horse battery staple.
> In case anyone thinks Doug has gone bonkers, this is a reference to
> this XKCD thread which quite neatly explains entropy in passwords:
> http://xkcd.com/936/. Basically, length is the all-important factor in
> password strength.
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers

More information about the wp-hackers mailing list